概述
cgroups资源限制技术
1.什么是cgroups?
cgroups是linux内核提供的一种机制,这种机制可以通过需求把一系列系统任务,及其子任务整合到按资源划分的不同组内,从而为系统资源管理提供统一的框架。通俗来说,cgroups可以限制记录任务组所使用的物理资源,包括cpu,内存,io等。为容器虚拟化提供了基本保证,是构建docker等一系列虚拟化容器的基石。
2.cgroups的作用。
cgroups的作用主要是为不同用户层面的资源管理,提供一个统一化的接口。从单个用户的资源控制到操作作系统层面的虚拟化,cgroups提供了四大功能。
## 资源限制
##优先级分配
##资源统计
##任务控制
过去一段时间,内核开发者甚至也把namespace作为一个子系统加入进来。使cgroups也拥有namespace的功能。但资源隔离给cgroups带来了许多问题,如命名冲突等,不久便被移除。
3.cgroups实现方式及其工作原理。
cgroups的实现本质上是给任务挂上钩子,当任务运行时设计某种资源时,就会触发钩子上所附带的子系统进行检测,根据资源的类别的不同使用对应的技术进行资源限制和优先级分配。
对于不同的系统资源,cgroups提供了统一接口对资源进行控制,但限制的方式不一定相同。比如memory子系统,会在描述内存状态的的“mm_struct”结构体中记录他所属的cgroup,当进程需要更多内存时,就会触发cgroup用量检测,如果用量超过cgroup规定的限额则拒绝用户的内存申请,否则就给与相应申请的内存,并在cgroup内存信息中记录出来。
cgroup的资源控制系统也叫子系统,每种子系统独立的控制一种资源。docker使用如下九种子系统。
##blkio:为块设备提供输入输出限制,包括硬盘,usb等。
##cpu:使用调度程序控制任务对cpu的使用。
##cpuacct:自动生成cgroup中任务对cpu资源使用情况的报告。
##cpuset:可以为cgroup中任务分配独立的cpu和内存。
##devices:可以开启或者关闭cgroup中任务对设备的使用。
##freezer:可以挂起或者恢复cgroup中的任务。
##memory:对内存使用的控制并且自动生成使用报告。
perf——event:使用后使cgroup中的任务进行统一的性能测试。
##*net—cls:通过使用等级识别符号来标记网络数据包。
[root@server1 ~]# yum search cgroup ##cgroups的安装
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
======================== N/S Matched: cgroup ========================
libcgroup.i686 : Tools and libraries to control and monitor control
: groups
libcgroup.x86_64 : Tools and libraries to control and monitor control
: groups
libcgroup-devel.i686 : Development libraries to develop applications
: that utilize control groups
libcgroup-devel.x86_64 : Development libraries to develop
: applications that utilize control groups
Name and summary matches only, use "search all" for everything.
[root@server1 ~]# yum install libcgroup.x86_64
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package libcgroup.x86_64 0:0.40.rc1-5.el6 will be installed
--> Processing Dependency: redhat-lsb-core for package: libcgroup-0.40.rc1-5.el6.x86_64
--> Running transaction check
---> Package redhat-lsb-core.x86_64 0:4.0-7.el6 will be installed
--> Processing Dependency: perl-Test-Simple for package: redhat-lsb-core-4.0-7.el6.x86_64
--> Processing Dependency: perl-Test-Harness for package: redhat-lsb-core-4.0-7.el6.x86_64
--> Processing Dependency: perl-ExtUtils-MakeMaker for package: redhat-lsb-core-4.0-7.el6.x86_64
--> Processing Dependency: perl-CGI for package: redhat-lsb-core-4.0-7.el6.x86_64
--> Processing Dependency: /usr/bin/time for package: redhat-lsb-core-4.0-7.el6.x86_64
--> Processing Dependency: /usr/bin/pax for package: redhat-lsb-core-4.0-7.el6.x86_64
--> Processing Dependency: /usr/bin/patch for package: redhat-lsb-core-4.0-7.el6.x86_64
--> Processing Dependency: /usr/bin/msgfmt for package: redhat-lsb-core-4.0-7.el6.x86_64
--> Processing Dependency: /usr/bin/man for package: redhat-lsb-core-4.0-7.el6.x86_64
--> Processing Dependency: /usr/bin/bc for package: redhat-lsb-core-4.0-7.el6.x86_64
--> Processing Dependency: /usr/bin/batch for package: redhat-lsb-core-4.0-7.el6.x86_64
--> Processing Dependency: /usr/bin/at for package: redhat-lsb-core-4.0-7.el6.x86_64
--> Processing Dependency: /bin/mailx for package: redhat-lsb-core-4.0-7.el6.x86_64
--> Processing Dependency: /bin/gettext for package: redhat-lsb-core-4.0-7.el6.x86_64
--> Processing Dependency: /bin/ed for package: redhat-lsb-core-4.0-7.el6.x86_64
--> Running transaction check
---> Package at.x86_64 0:3.1.10-43.el6_2.1 will be installed
---> Package bc.x86_64 0:1.06.95-1.el6 will be installed
---> Package ed.x86_64 0:1.1-3.3.el6 will be installed
---> Package gettext.x86_64 0:0.17-16.el6 will be installed
--> Processing Dependency: libgomp.so.1(GOMP_1.0)(64bit) for package: gettext-0.17-16.el6.x86_64
--> Processing Dependency: cvs for package: gettext-0.17-16.el6.x86_64
--> Processing Dependency: libgomp.so.1()(64bit) for package: gettext-0.17-16.el6.x86_64
---> Package mailx.x86_64 0:12.4-7.el6 will be installed
---> Package man.x86_64 0:1.6f-32.el6 will be installed
--> Processing Dependency: lzma for package: man-1.6f-32.el6.x86_64
---> Package patch.x86_64 0:2.6-6.el6 will be installed
---> Package pax.x86_64 0:3.4-10.1.el6 will be installed
---> Package perl-CGI.x86_64 0:3.51-136.el6 will be installed
---> Package perl-ExtUtils-MakeMaker.x86_64 0:6.55-136.el6 will be installed
--> Processing Dependency: perl-devel for package: perl-ExtUtils-MakeMaker-6.55-136.el6.x86_64
---> Package perl-Test-Harness.x86_64 0:3.17-136.el6 will be installed
---> Package perl-Test-Simple.x86_64 0:0.92-136.el6 will be installed
---> Package time.x86_64 0:1.7-37.1.el6 will be installed
--> Running transaction check
---> Package cvs.x86_64 0:1.11.23-16.el6 will be installed
---> Package libgomp.x86_64 0:4.4.7-4.el6 will be installed
---> Package perl-devel.x86_64 4:5.10.1-136.el6 will be installed
--> Processing Dependency: perl(ExtUtils::ParseXS) for package: 4:perl-devel-5.10.1-136.el6.x86_64
--> Processing Dependency: glibc-devel for package: 4:perl-devel-5.10.1-136.el6.x86_64
--> Processing Dependency: gdbm-devel for package: 4:perl-devel-5.10.1-136.el6.x86_64
--> Processing Dependency: db4-devel for package: 4:perl-devel-5.10.1-136.el6.x86_64
---> Package xz-lzma-compat.x86_64 0:4.999.9-0.3.beta.20091007git.el6 will be installed
--> Processing Dependency: xz = 4.999.9-0.3.beta.20091007git.el6 for package: xz-lzma-compat-4.999.9-0.3.beta.20091007git.el6.x86_64
--> Running transaction check
---> Package db4-devel.x86_64 0:4.7.25-18.el6_4 will be installed
--> Processing Dependency: db4-cxx = 4.7.25-18.el6_4 for package: db4-devel-4.7.25-18.el6_4.x86_64
--> Processing Dependency: libdb_cxx-4.7.so()(64bit) for package: db4-devel-4.7.25-18.el6_4.x86_64
---> Package gdbm-devel.x86_64 0:1.8.0-36.el6 will be installed
---> Package glibc-devel.x86_64 0:2.12-1.132.el6 will be installed
--> Processing Dependency: glibc-headers = 2.12-1.132.el6 for package: glibc-devel-2.12-1.132.el6.x86_64
--> Processing Dependency: glibc-headers for package: glibc-devel-2.12-1.132.el6.x86_64
---> Package perl-ExtUtils-ParseXS.x86_64 1:2.2003.0-136.el6 will be installed
---> Package xz.x86_64 0:4.999.9-0.3.beta.20091007git.el6 will be installed
--> Running transaction check
---> Package db4-cxx.x86_64 0:4.7.25-18.el6_4 will be installed
---> Package glibc-headers.x86_64 0:2.12-1.132.el6 will be installed
--> Processing Dependency: kernel-headers >= 2.2.1 for package: glibc-headers-2.12-1.132.el6.x86_64
--> Processing Dependency: kernel-headers for package: glibc-headers-2.12-1.132.el6.x86_64
--> Running transaction check
---> Package kernel-headers.x86_64 0:2.6.32-431.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=====================================================================
Package Arch Version Repository Size
=====================================================================
Installing:
libcgroup x86_64 0.40.rc1-5.el6 rhel-source 125 k
Installing for dependencies:
at x86_64 3.1.10-43.el6_2.1 rhel-source 60 k
bc x86_64 1.06.95-1.el6 rhel-source 110 k
cvs x86_64 1.11.23-16.el6 rhel-source 712 k
db4-cxx x86_64 4.7.25-18.el6_4 rhel-source 588 k
db4-devel x86_64 4.7.25-18.el6_4 rhel-source 6.6 M
ed x86_64 1.1-3.3.el6 rhel-source 72 k
gdbm-devel x86_64 1.8.0-36.el6 rhel-source 25 k
gettext x86_64 0.17-16.el6 rhel-source 1.8 M
glibc-devel x86_64 2.12-1.132.el6 rhel-source 978 k
glibc-headers x86_64 2.12-1.132.el6 rhel-source 608 k
kernel-headers x86_64 2.6.32-431.el6 rhel-source 2.8 M
libgomp x86_64 4.4.7-4.el6 rhel-source 118 k
mailx x86_64 12.4-7.el6 rhel-source 235 k
man x86_64 1.6f-32.el6 rhel-source 263 k
patch x86_64 2.6-6.el6 rhel-source 91 k
pax x86_64 3.4-10.1.el6 rhel-source 69 k
perl-CGI x86_64 3.51-136.el6 rhel-source 209 k
perl-ExtUtils-MakeMaker x86_64 6.55-136.el6 rhel-source 293 k
perl-ExtUtils-ParseXS x86_64 1:2.2003.0-136.el6 rhel-source 45 k
perl-Test-Harness x86_64 3.17-136.el6 rhel-source 231 k
perl-Test-Simple x86_64 0.92-136.el6 rhel-source 112 k
perl-devel x86_64 4:5.10.1-136.el6 rhel-source 423 k
redhat-lsb-core x86_64 4.0-7.el6 rhel-source 25 k
time x86_64 1.7-37.1.el6 rhel-source 26 k
xz x86_64 4.999.9-0.3.beta.20091007git.el6
rhel-source 137 k
xz-lzma-compat x86_64 4.999.9-0.3.beta.20091007git.el6
rhel-source 15 k
Transaction Summary
=====================================================================
Install 27 Package(s)
Total download size: 17 M
Installed size: 45 M
Is this ok [y/N]: y
Downloading Packages:
(1/27): at-3.1.10-43.el6_2.1.x86_64.rpm | 60 kB 00:00
(2/27): bc-1.06.95-1.el6.x86_64.rpm | 110 kB 00:00
(3/27): cvs-1.11.23-16.el6.x86_64.rpm | 712 kB 00:00
(4/27): db4-cxx-4.7.25-18.el6_4.x86_64.rpm | 588 kB 00:00
(5/27): db4-devel-4.7.25-18.el6_4.x86_64.rpm | 6.6 MB 00:00
(6/27): ed-1.1-3.3.el6.x86_64.rpm | 72 kB 00:00
(7/27): gdbm-devel-1.8.0-36.el6.x86_64.rpm | 25 kB 00:00
(8/27): gettext-0.17-16.el6.x86_64.rpm | 1.8 MB 00:00
(9/27): glibc-devel-2.12-1.132.el6.x86_64.rpm | 978 kB 00:00
(10/27): glibc-headers-2.12-1.132.el6.x86_64. | 608 kB 00:00
(11/27): kernel-headers-2.6.32-431.el6.x86_64 | 2.8 MB 00:00
(12/27): libcgroup-0.40.rc1-5.el6.x86_64.rpm | 125 kB 00:00
(13/27): libgomp-4.4.7-4.el6.x86_64.rpm | 118 kB 00:00
(14/27): mailx-12.4-7.el6.x86_64.rpm | 235 kB 00:00
(15/27): man-1.6f-32.el6.x86_64.rpm | 263 kB 00:00
(16/27): patch-2.6-6.el6.x86_64.rpm | 91 kB 00:00
(17/27): pax-3.4-10.1.el6.x86_64.rpm | 69 kB 00:00
(18/27): perl-CGI-3.51-136.el6.x86_64.rpm | 209 kB 00:00
(19/27): perl-ExtUtils-MakeMaker-6.55-136.el6 | 293 kB 00:00
(20/27): perl-ExtUtils-ParseXS-2.2003.0-136.e | 45 kB 00:00
(21/27): perl-Test-Harness-3.17-136.el6.x86_6 | 231 kB 00:00
(22/27): perl-Test-Simple-0.92-136.el6.x86_64 | 112 kB 00:00
(23/27): perl-devel-5.10.1-136.el6.x86_64.rpm | 423 kB 00:00
(24/27): redhat-lsb-core-4.0-7.el6.x86_64.rpm | 25 kB 00:00
(25/27): time-1.7-37.1.el6.x86_64.rpm | 26 kB 00:00
(26/27): xz-4.999.9-0.3.beta.20091007git.el6. | 137 kB 00:00
(27/27): xz-lzma-compat-4.999.9-0.3.beta.2009 | 15 kB 00:00
---------------------------------------------------------------------
Total 33 MB/s | 17 MB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : xz-4.999.9-0.3.beta.20091007git.el6.x86_64 1/27
Installing : xz-lzma-compat-4.999.9-0.3.beta.20091007git.e 2/27
Installing : man-1.6f-32.el6.x86_64 3/27
Installing : cvs-1.11.23-16.el6.x86_64 4/27
Installing : bc-1.06.95-1.el6.x86_64 5/27
Installing : perl-CGI-3.51-136.el6.x86_64 6/27
Installing : patch-2.6-6.el6.x86_64 7/27
Installing : ed-1.1-3.3.el6.x86_64 8/27
Installing : mailx-12.4-7.el6.x86_64 9/27
Installing : db4-cxx-4.7.25-18.el6_4.x86_64 10/27
Installing : db4-devel-4.7.25-18.el6_4.x86_64 11/27
Installing : libgomp-4.4.7-4.el6.x86_64 12/27
Installing : gettext-0.17-16.el6.x86_64 13/27
Installing : kernel-headers-2.6.32-431.el6.x86_64 14/27
Installing : glibc-headers-2.12-1.132.el6.x86_64 15/27
Installing : glibc-devel-2.12-1.132.el6.x86_64 16/27
Installing : gdbm-devel-1.8.0-36.el6.x86_64 17/27
Installing : perl-Test-Harness-3.17-136.el6.x86_64 18/27
Installing : 1:perl-ExtUtils-ParseXS-2.2003.0-136.el6.x86_ 19/27
Installing : perl-ExtUtils-MakeMaker-6.55-136.el6.x86_64 20/27
Installing : 4:perl-devel-5.10.1-136.el6.x86_64 21/27
Installing : perl-Test-Simple-0.92-136.el6.x86_64 22/27
Installing : time-1.7-37.1.el6.x86_64 23/27
Installing : at-3.1.10-43.el6_2.1.x86_64 24/27
Installing : pax-3.4-10.1.el6.x86_64 25/27
Installing : redhat-lsb-core-4.0-7.el6.x86_64 26/27
Installing : libcgroup-0.40.rc1-5.el6.x86_64 27/27
Verifying : glibc-devel-2.12-1.132.el6.x86_64 1/27
Verifying : pax-3.4-10.1.el6.x86_64 2/27
Verifying : at-3.1.10-43.el6_2.1.x86_64 3/27
Verifying : glibc-headers-2.12-1.132.el6.x86_64 4/27
Verifying : 4:perl-devel-5.10.1-136.el6.x86_64 5/27
Verifying : man-1.6f-32.el6.x86_64 6/27
Verifying : redhat-lsb-core-4.0-7.el6.x86_64 7/27
Verifying : gettext-0.17-16.el6.x86_64 8/27
Verifying : perl-Test-Simple-0.92-136.el6.x86_64 9/27
Verifying : time-1.7-37.1.el6.x86_64 10/27
Verifying : gdbm-devel-1.8.0-36.el6.x86_64 11/27
Verifying : xz-lzma-compat-4.999.9-0.3.beta.20091007git.e 12/27
Verifying : kernel-headers-2.6.32-431.el6.x86_64 13/27
Verifying : perl-Test-Harness-3.17-136.el6.x86_64 14/27
Verifying : libgomp-4.4.7-4.el6.x86_64 15/27
Verifying : 1:perl-ExtUtils-ParseXS-2.2003.0-136.el6.x86_ 16/27
Verifying : perl-ExtUtils-MakeMaker-6.55-136.el6.x86_64 17/27
Verifying : db4-cxx-4.7.25-18.el6_4.x86_64 18/27
Verifying : mailx-12.4-7.el6.x86_64 19/27
Verifying : db4-devel-4.7.25-18.el6_4.x86_64 20/27
Verifying : ed-1.1-3.3.el6.x86_64 21/27
Verifying : patch-2.6-6.el6.x86_64 22/27
Verifying : perl-CGI-3.51-136.el6.x86_64 23/27
Verifying : bc-1.06.95-1.el6.x86_64 24/27
Verifying : libcgroup-0.40.rc1-5.el6.x86_64 25/27
Verifying : cvs-1.11.23-16.el6.x86_64 26/27
Verifying : xz-4.999.9-0.3.beta.20091007git.el6.x86_64 27/27
Installed:
libcgroup.x86_64 0:0.40.rc1-5.el6
Dependency Installed:
at.x86_64 0:3.1.10-43.el6_2.1
bc.x86_64 0:1.06.95-1.el6
cvs.x86_64 0:1.11.23-16.el6
db4-cxx.x86_64 0:4.7.25-18.el6_4
db4-devel.x86_64 0:4.7.25-18.el6_4
ed.x86_64 0:1.1-3.3.el6
gdbm-devel.x86_64 0:1.8.0-36.el6
gettext.x86_64 0:0.17-16.el6
glibc-devel.x86_64 0:2.12-1.132.el6
glibc-headers.x86_64 0:2.12-1.132.el6
kernel-headers.x86_64 0:2.6.32-431.el6
libgomp.x86_64 0:4.4.7-4.el6
mailx.x86_64 0:12.4-7.el6
man.x86_64 0:1.6f-32.el6
patch.x86_64 0:2.6-6.el6
pax.x86_64 0:3.4-10.1.el6
perl-CGI.x86_64 0:3.51-136.el6
perl-ExtUtils-MakeMaker.x86_64 0:6.55-136.el6
perl-ExtUtils-ParseXS.x86_64 1:2.2003.0-136.el6
perl-Test-Harness.x86_64 0:3.17-136.el6
perl-Test-Simple.x86_64 0:0.92-136.el6
perl-devel.x86_64 4:5.10.1-136.el6
redhat-lsb-core.x86_64 0:4.0-7.el6
time.x86_64 0:1.7-37.1.el6
xz.x86_64 0:4.999.9-0.3.beta.20091007git.el6
xz-lzma-compat.x86_64 0:4.999.9-0.3.beta.20091007git.el6
Complete!
[root@server1 ~]# cd /cgroup/
[root@server1 cgroup]# ls
[root@server1 cgroup]# /etc/init.d/cgconfig start
Starting cgconfig service: [ OK ]
[root@server1 cgroup]# ls
blkio cpu cpuacct cpuset devices freezer memory net_cls
[root@server1 cgroup]# cd memory/
[root@server1 memory]# ls
cgroup.event_control memory.move_charge_at_immigrate
cgroup.procs memory.oom_control
memory.failcnt memory.soft_limit_in_bytes
memory.force_empty memory.stat
memory.limit_in_bytes memory.swappiness
memory.max_usage_in_bytes memory.usage_in_bytes
memory.memsw.failcnt memory.use_hierarchy
memory.memsw.limit_in_bytes notify_on_release
memory.memsw.max_usage_in_bytes release_agent
memory.memsw.usage_in_bytes tasks
[root@server1 memory]# vim /etc/cgconfig.conf
[root@server1 memory]# vim /etc/cgconfig.conf
[root@server1 memory]# /etc/init.d/network restart
Shutting down interface eth0: [ OK ]
Shutting down loopback interface: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: Determining if ip address 172.25.16.1 is already in use for device eth0...
[ OK ]
[root@server1 memory]# cd
[root@server1 ~]# /etc/init.d/cgconfig restart
Stopping cgconfig service: [ OK ]
Starting cgconfig service: [ OK ]
1.内存限制
[root@server1 ~]# free -m ##查看当前内存使用状况。
total used free shared buffers cached
Mem: 996 213 783 0 13 135
-/+ buffers/cache: 63 932
Swap: 991 0 991
##buffer(缓冲)主要作用是在于减少实际的i/o
操作次数,即将多次操作尽量减少合并成一次的成批操作,通常其中的在数据在操作完成之后,不会被继续使用。
##cache(缓存)主要作用是当有多个进程都要访问某个文件时,于是该文件便被做成缓存,方便下次访问,这样可提供系统性能。减少不必要的i/o。
[root@server1 ~]# cd /cgroup/
[root@server1 cgroup]# ls
blkio cpu cpuacct cpuset devices freezer memory net_cls
[root@server1 cgroup]# cd memory/
[root@server1 memory]# ls
cgroup.event_control memory.oom_control
cgroup.procs memory.soft_limit_in_bytes
memory.failcnt memory.stat
memory.force_empty memory.swappiness
memory.limit_in_bytes memory.usage_in_bytes
memory.max_usage_in_bytes memory.use_hierarchy
memory.memsw.failcnt notify_on_release
memory.memsw.limit_in_bytes release_agent
memory.memsw.max_usage_in_bytes tasks
memory.memsw.usage_in_bytes x1
memory.move_charge_at_immigrate
[root@server1 memory]# cd x1/
[root@server1 x1]# ls
cgroup.event_control memory.move_charge_at_immigrate
cgroup.procs memory.oom_control
memory.failcnt memory.soft_limit_in_bytes
memory.force_empty memory.stat
memory.limit_in_bytes memory.swappiness
memory.max_usage_in_bytes memory.usage_in_bytes
memory.memsw.failcnt memory.use_hierarchy
memory.memsw.limit_in_bytes notify_on_release
memory.memsw.max_usage_in_bytes tasks
memory.memsw.usage_in_bytes
[root@server1 x1]# cd /dev/shm
[root@server1 shm]# ls
[root@server1 shm]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/VolGroup-lv_root 19G 966M 17G 6% /
tmpfs 499M 0 499M 0% /dev/shm
/dev/vda1 485M 33M 427M 8% /boot
[root@server1 shm]# dd if=/dev/zero of=bigfile bs=1M count=200
200+0 records in
200+0 records out
209715200 bytes (210 MB) copied, 0.207154 s, 1.0 GB/s
[root@server1 shm]# ll
total 204800
-rw-r--r-- 1 root root 209715200 May 11 14:15 bigfile
[root@server1 shm]# free -m
total used free shared buffers cached
Mem: 996 413 582 0 13 336
-/+ buffers/cache: 64 932
Swap: 991 0 991
[root@server1 shm]# dd if=/dev/zero of=bigfile bs=1M count=300
300+0 records in
300+0 records out
314572800 bytes (315 MB) copied, 0.219494 s, 1.4 GB/s
[root@server1 shm]# vim /etc/cgconfig.conf ##限制内存为256M
[root@server1 shm]# free -m
total used free shared buffers cached
Mem: 996 513 482 0 13 436
-/+ buffers/cache: 64 932
Swap: 991 0 991
[root@server1 shm]# Write failed: Broken pipe
[root@foundation16 ~]# ssh root@172.25.16.1
root@172.25.16.1's password:
Last login: Thu May 11 14:04:43 2017 from 172.25.16.250
[root@server1 ~]# rm -f bigfile
[root@server1 ~]# cd /dev/shm/
[root@server1 shm]# ls
[root@server1 shm]# cgexec -g memory:x1 dd if=/dev/zero of=bigfile bs=1M count=200
libcgroup initialization failed: Cgroup is not mounted
[root@server1 shm]# free -m
total used free shared buffers cached
Mem: 996 117 879 0 24 38
-/+ buffers/cache: 54 942
Swap: 991 0 991
[root@server1 shm]# /etc/init.d/cgconfig restart
Stopping cgconfig service: [ OK ]
Starting cgconfig service: [ OK ]
[root@server1 shm]# cgexec -g memory:x1 dd if=/dev/zero of=bigfile bs=1M count=200
200+0 records in
200+0 records out
209715200 bytes (210 MB) copied, 0.22044 s, 951 MB/s
[root@server1 shm]# free -m
total used free shared buffers cached
Mem: 996 318 678 0 24 238
-/+ buffers/cache: 55 941
Swap: 991 0 991
[root@server1 shm]# cgexec -g memory:x1 dd if=/dev/zero of=bigfile bs=1M count=300
300+0 records in
300+0 records out
314572800 bytes (315 MB) copied, 0.74307 s, 423 MB/s
[root@server1 shm]# free -m
total used free shared buffers cached
Mem: 996 373 622 0 24 238
-/+ buffers/cache: 110 886
Swap: 991 99 892
[root@server1 shm]#
[root@server1 shm]# vim /etc/cgconfig.conf
[root@server1 shm]# cat /etc/cgconfig.conf
#
# Copyright IBM Corporation. 2007
#
# Authors: Balbir Singh <balbir@linux.vnet.ibm.com>
# This program is free software; you can redistribute it and/or modify it
# under the terms of version 2.1 of the GNU Lesser General Public License
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it would be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
# See man cgconfig.conf for further details.
#
# By default, mount all controllers to /cgroup/<controller>
mount {
cpuset = /cgroup/cpuset;
cpu = /cgroup/cpu;
cpuacct = /cgroup/cpuacct;
memory = /cgroup/memory;
devices = /cgroup/devices;
freezer = /cgroup/freezer;
net_cls = /cgroup/net_cls;
blkio = /cgroup/blkio;
}
group x1 {
memory {
memory.limit_in_bytes = 20480000; ##内存限制为256m
memory.memsw.limit_in_bytes = 20480000;
}
}
[root@server1 shm]# cd
[root@server1 ~]# ls
anaconda-ks.cfg install.log install.log.syslog memapp1 memapp2
[root@server1 ~]# chmod +x *
[root@server1 ~]# yum install -y /lib/ld-linux.so.2
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Setting up Install Process
rhel-source/filelists_db | 3.8 MB 00:00
Resolving Dependencies
--> Running transaction check
---> Package glibc.i686 0:2.12-1.132.el6 will be installed
--> Processing Dependency: libfreebl3.so(NSSRAWHASH_3.12.3) for package: glibc-2.12-1.132.el6.i686
--> Processing Dependency: libfreebl3.so for package: glibc-2.12-1.132.el6.i686
--> Running transaction check
---> Package nss-softokn-freebl.i686 0:3.14.3-9.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=============================================================================
Package Arch Version Repository Size
=============================================================================
Installing:
glibc i686 2.12-1.132.el6 rhel-source 4.3 M
Installing for dependencies:
nss-softokn-freebl i686 3.14.3-9.el6 rhel-source 147 k
Transaction Summary
=============================================================================
Install 2 Package(s)
Total download size: 4.5 M
Installed size: 14 M
Downloading Packages:
(1/2): glibc-2.12-1.132.el6.i686.rpm | 4.3 MB 00:00
(2/2): nss-softokn-freebl-3.14.3-9.el6.i686.rpm | 147 kB 00:00
-----------------------------------------------------------------------------
Total 41 MB/s | 4.5 MB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : nss-softokn-freebl-3.14.3-9.el6.i686 1/2
Installing : glibc-2.12-1.132.el6.i686 2/2
Verifying : glibc-2.12-1.132.el6.i686 1/2
Verifying : nss-softokn-freebl-3.14.3-9.el6.i686 2/2
Installed:
glibc.i686 0:2.12-1.132.el6
Dependency Installed:
nss-softokn-freebl.i686 0:3.14.3-9.el6
Complete!
[root@server1 ~]# su - hadoop
su: user hadoop does not exist
[root@server1 ~]# useradd hadoop
[root@server1 ~]# su - hadoop
[hadoop@server1 ~]$ ls
[hadoop@server1 ~]$ ls /root
ls: cannot open directory /root: Permission denied
[hadoop@server1 ~]$ pwd
/home/hadoop
[hadoop@server1 ~]$ exit
logout
[root@server1 ~]# mv /root/memapp* /home/hadoop
[root@server1 ~]# su - hadoop
[hadoop@server1 ~]$ ls
memapp1 memapp2
[hadoop@server1 ~]$ ll
total 16
-rwxr-xr-x 1 root root 5391 May 11 14:42 memapp1
-rwxr-xr-x 1 root root 5391 May 11 14:42 memapp2
[hadoop@server1 ~]$ ./memapp1
Process ID is: 1431
Grabbing 4096 pages of memory
Success!
Press any key to exit
[hadoop@server1 ~]$ ./memapp2
Process ID is: 1432
Grabbing 8192 pages of memory
Success!
Press any key to exit
[hadoop@server1 ~]$ exit
logout
[root@server1 ~]# vim /etc/cgconfig.conf
[root@server1 ~]# cat /etc/cgconfig.conf
#
# Copyright IBM Corporation. 2007
#
# Authors: Balbir Singh <balbir@linux.vnet.ibm.com>
# This program is free software; you can redistribute it and/or modify it
# under the terms of version 2.1 of the GNU Lesser General Public License
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it would be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
# See man cgconfig.conf for further details.
#
# By default, mount all controllers to /cgroup/<controller>
mount {
cpuset = /cgroup/cpuset;
cpu = /cgroup/cpu;
cpuacct = /cgroup/cpuacct;
memory = /cgroup/memory;
devices = /cgroup/devices;
freezer = /cgroup/freezer;
net_cls = /cgroup/net_cls;
blkio = /cgroup/blkio;
}
group x1 {
memory {
memory.limit_in_bytes = 20480000;
memory.memsw.limit_in_bytes = 20480000;
}
}
[root@server1 ~]# vim /etc/cgrules.conf
[root@server1 ~]# /etc/init.d/cgconfig restart
Stopping cgconfig service: [ OK ]
Starting cgconfig service: [ OK ]
[root@server1 ~]# /etc/init.d/cgred start
Starting CGroup Rules Engine Daemon: [ OK ]
[root@server1 ~]# su hadoop
[hadoop@server1 root]$ exit
exit
[root@server1 ~]# su - hadoop
[hadoop@server1 ~]$ ./memapp1
Process ID is: 1488
Grabbing 4096 pages of memory
Success!
Press any key to exit
[hadoop@server1 ~]$ ./memapp2
Process ID is: 1489
Grabbing 8192 pages of memory
Killed ##超过系统分配的内存后,进程被挂起。
2.cpu控制
[hadoop@server1 ~]$
cpu
[hadoop@server1 ~]$ cd /cgroup/
[hadoop@server1 cgroup]$ ls
blkio cpu cpuacct cpuset devices freezer memory net_cls
[hadoop@server1 cgroup]$ cd cpu/
[hadoop@server1 cpu]$ ls
cgroup.event_control cpu.rt_period_us notify_on_release
cgroup.procs cpu.rt_runtime_us release_agent
cpu.cfs_period_us cpu.shares tasks
cpu.cfs_quota_us cpu.stat
[hadoop@server1 cpu]$ cat cpu.shares
1024
[hadoop@server1 cpu]$ Write failed: Broken pipe
[root@foundation16 ~]# exit
logout
[kiosk@foundation16 Desktop]$ ssh root@172.25.16.1
root@172.25.16.1's password:
Last login: Thu May 11 14:18:52 2017 from 172.25.16.250
[root@server1 ~]# cd /cgroup/
[root@server1 cgroup]# ls
blkio cpu cpuacct cpuset devices freezer memory net_cls
[root@server1 cgroup]# cd cpu/
[root@server1 cpu]# ls
[root@server1 cpu]# /etc/init.d/cgconfig start
Starting cgconfig service: [ OK ]
[root@server1 cpu]# ls
[root@server1 cpu]# cd
[root@server1 ~]# /etc/init.d/cgconfig start
Starting cgconfig service: lock file already exists [WARNING]
[root@server1 ~]# cd /cgroup/
[root@server1 cgroup]# ls
blkio cpu cpuacct cpuset devices freezer memory net_cls
[root@server1 cgroup]# cd cpu/
[root@server1 cpu]# ls
cgroup.event_control cpu.rt_period_us notify_on_release
cgroup.procs cpu.rt_runtime_us release_agent
cpu.cfs_period_us cpu.shares tasks
cpu.cfs_quota_us cpu.stat
[root@server1 cpu]# cat cpu.shares
1024
[root@server1 cpu]# lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 2
On-line CPU(s) list: 0,1
Thread(s) per core: 1
Core(s) per socket: 1
Socket(s): 2
NUMA node(s): 1
Vendor ID: GenuineIntel
CPU family: 6
Model: 42
Stepping: 1
CPU MHz: 2591.582
BogoMIPS: 5183.16
Hypervisor vendor: KVM
Virtualization type: full
L1d cache: 32K
L1i cache: 32K
L2 cache: 4096K
NUMA node0 CPU(s): 0,1
[root@server1 cpu]# cd /sys
[root@server1 sys]# cd devices/
[root@server1 devices]# cd system/
[root@server1 system]# ls
clocksource i8237 ioapic lapic memory timekeeping
cpu i8259 irqrouter machinecheck node
[root@server1 system]# cd cpu/
[root@server1 cpu]# ls
cpu0 cpufreq kernel_max online present
cpu1 cpuidle offline possible
[root@server1 cpu]# top
top - 15:22:09 up 4 min, 1 user, load average: 0.00, 0.02, 0.00
Tasks: 86 total, 1 running, 85 sleeping, 0 stopped, 0 zombie
Cpu0 : 0.0%us, 0.0%sy, 0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si,
Cpu1 : 0.0%us, 0.0%sy, 0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si,
Mem: 1020240k total, 109148k used, 911092k free, 12060k buffer
Swap: 1015800k total, 0k used, 1015800k free, 39608k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1 root 20 0 19232 1484 1220 S 0.0 0.1 0:00.51 init
2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd
3 root RT 0 0 0 0 S 0.0 0.0 0:00.00 migration/0
4 root 20 0 0 0 0 S 0.0 0.0 0:00.00 ksoftirqd/0
5 root RT 0 0 0 0 S 0.0 0.0 0:00.00 migration/0
6 root RT 0 0 0 0 S 0.0 0.0 0:00.00 watchdog/0
7 root RT 0 0 0 0 S 0.0 0.0 0:00.00 migration/1
8 root RT 0 0 0 0 S 0.0 0.0 0:00.00 migration/1
9 root 20 0 0 0 0 S 0.0 0.0 0:00.00 ksoftirqd/1
10 root RT 0 0 0 0 S 0.0 0.0 0:00.00 watchdog/1
11 root 20 0 0 0 0 S 0.0 0.0 0:00.08 events/0
12 root 20 0 0 0 0 S 0.0 0.0 0:00.01 events/1
13 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cgroup
14 root 20 0 0 0 0 S 0.0 0.0 0:00.00 khelper
15 root 20 0 0 0 0 S 0.0 0.0 0:00.00 netns
16 root 20 0 0 0 0 S 0.0 0.0 0:00.00 async/mgr
17 root 20 0 0 0 0 S 0.0 0.0 0:00.00 pm
18 root 20 0 0 0 0 S 0.0 0.0 0:00.00 sync_supers
19 root 20 0 0 0 0 S 0.0 0.0 0:00.00 bdi-default
20 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kintegrityd
21 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kintegrityd
[root@server1 cpu]# cd cpu1
[root@server1 cpu1]# ls
cache crash_notes node0 online topology
[root@server1 cpu1]# echo 0 > online
[root@server1 cpu1]# top
top - 15:23:07 up 5 min, 1 user, load average: 0.00, 0.01, 0.00
Tasks: 72 total, 1 running, 71 sleeping, 0 stopped, 0 zombie
Cpu0 : 0.0%us, 0.0%sy, 0.0%ni,100.0%id, 0.0%wa, 0.0%hi, 0.0%si,
Mem: 1020240k total, 108528k used, 911712k free, 12060k buffer
Swap: 1015800k total, 0k used, 1015800k free, 39608k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1 root 20 0 19232 1484 1220 S 0.0 0.1 0:00.51 init
2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd
3 root RT 0 0 0 0 S 0.0 0.0 0:00.00 migration/0
4 root 20 0 0 0 0 S 0.0 0.0 0:00.00 ksoftirqd/0
5 root RT 0 0 0 0 S 0.0 0.0 0:00.00 migration/0
6 root RT 0 0 0 0 S 0.0 0.0 0:00.00 watchdog/0
11 root 20 0 0 0 0 S 0.0 0.0 0:00.09 events/0
13 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cgroup
14 root 20 0 0 0 0 S 0.0 0.0 0:00.00 khelper
15 root 20 0 0 0 0 S 0.0 0.0 0:00.00 netns
16 root 20 0 0 0 0 S 0.0 0.0 0:00.00 async/mgr
17 root 20 0 0 0 0 S 0.0 0.0 0:00.00 pm
18 root 20 0 0 0 0 S 0.0 0.0 0:00.00 sync_supers
19 root 20 0 0 0 0 S 0.0 0.0 0:00.00 bdi-default
20 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kintegrityd
22 root 20 0 0 0 0 S 0.0 0.0 0:00.01 kblockd/0
24 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kacpid
25 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kacpi_notif
26 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kacpi_hotpl
27 root 20 0 0 0 0 S 0.0 0.0 0:00.00 ata_aux
28 root 20 0 0 0 0 S 0.0 0.0 0:00.00 ata_sff/0
30 root 20 0 0 0 0 S 0.0 0.0 0:00.00 ksuspend_us
[root@server1 cpu1]# cd /cgroup/
[root@server1 cgroup]# ls
blkio cpu cpuacct cpuset devices freezer memory net_cls
[root@server1 cgroup]# cd cpu
[root@server1 cpu]# ls
cgroup.event_control cpu.rt_period_us notify_on_release
cgroup.procs cpu.rt_runtime_us release_agent
cpu.cfs_period_us cpu.shares tasks
cpu.cfs_quota_us cpu.stat
[root@server1 cpu]# cat cpu.shares
1024
[root@server1 cpu]# vim /etc/cgconfig.conf
[root@server1 cpu]# vim /etc/cgconfig.conf
[root@server1 cpu]# cat /etc/cgconfig.conf
#
# Copyright IBM Corporation. 2007
#
# Authors: Balbir Singh <balbir@linux.vnet.ibm.com>
# This program is free software; you can redistribute it and/or modify it
# under the terms of version 2.1 of the GNU Lesser General Public License
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it would be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
# See man cgconfig.conf for further details.
#
# By default, mount all controllers to /cgroup/<controller>
mount {
cpuset = /cgroup/cpuset;
cpu = /cgroup/cpu;
cpuacct = /cgroup/cpuacct;
memory = /cgroup/memory;
devices = /cgroup/devices;
freezer = /cgroup/freezer;
net_cls = /cgroup/net_cls;
blkio = /cgroup/blkio;
}
group x1 {
memory {
memory.limit_in_bytes = 20480000;
memory.memsw.limit_in_bytes = 20480000;
}
}
group x2 {
cpu {
cpu.shares = 100; ##内存限制为100M
}
}
ot@server1 cpu]#
[root@server1 cpu]# /etc/init.d/cg
cgconfig cgred
[root@server1 ~]# vim /etc/cgconfig.conf
[root@server1 ~]# /etc/init.d/cgconfig restart
Stopping cgconfig service: [ OK ]
Starting cgconfig service: [ OK ]
[root@server1 ~]# cd /cgroup/
[root@server1 cgroup]# ls
blkio cpu cpuacct cpuset devices freezer memory net_cls
[root@server1 cgroup]# cd cpu/
[root@server1 cpu]# ls
cgroup.event_control cpu.rt_period_us notify_on_release
cgroup.procs cpu.rt_runtime_us release_agent
cpu.cfs_period_us cpu.shares tasks
cpu.cfs_quota_us cpu.stat x2
[root@server1 cpu]# cd x2
[root@server1 x2]# ls
cgroup.event_control cpu.cfs_quota_us cpu.shares tasks
cgroup.procs cpu.rt_period_us cpu.stat
cpu.cfs_period_us cpu.rt_runtime_us notify_on_release
[root@server1 x2]# cat cpu.shares
100
[root@server1 x2]# cd
[root@server1 ~]# cgexec -g cpu:x2 dd if=/dev/zero of=/dev/null &
[1] 1135
[root@server1 ~]# top
top - 15:45:38 up 28 min, 1 user, load average: 0.77, 0.27, 0.10
Tasks: 73 total, 2 running, 71 sleeping, 0 stopped, 0 zombie
Cpu(s): 23.3%us, 76.7%sy, 0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si,
Mem: 1020240k total, 112132k used, 908108k free, 12516k buffer
Swap: 1015800k total, 0k used, 1015800k free, 42392k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1135 root 20 0 102m 692 572 R 99.9 0.1 1:06.20 dd
1 root 20 0 19232 1492 1220 S 0.0 0.1 0:00.51 init
2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd
3 root RT 0 0 0 0 S 0.0 0.0 0:00.00 migration/0
4 root 20 0 0 0 0 S 0.0 0.0 0:00.00 ksoftirqd/0
5 root RT 0 0 0 0 S 0.0 0.0 0:00.00 migration/0
6 root RT 0 0 0 0 S 0.0 0.0 0:00.00 watchdog/0
11 root 20 0 0 0 0 S 0.0 0.0 0:00.15 events/0
13 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cgroup
14 root 20 0 0 0 0 S 0.0 0.0 0:00.00 khelper
15 root 20 0 0 0 0 S 0.0 0.0 0:00.00 netns
16 root 20 0 0 0 0 S 0.0 0.0 0:00.00 async/mgr
17 root 20 0 0 0 0 S 0.0 0.0 0:00.00 pm
18 root 20 0 0 0 0 S 0.0 0.0 0:00.00 sync_supers
19 root 20 0 0 0 0 S 0.0 0.0 0:00.00 bdi-default
20 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kintegrityd
22 root 20 0 0 0 0 S 0.0 0.0 0:00.01 kblockd/0
24 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kacpid
25 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kacpi_notif
26 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kacpi_hotpl
27 root 20 0 0 0 0 S 0.0 0.0 0:00.00 ata_aux
28 root 20 0 0 0 0 S 0.0 0.0 0:00.00 ata_sff/0
[root@server1 ~]# dd if=/dev/zero of=/dev/null &
[2] 1137
[root@server1 ~]# top
top - 15:46:27 up 29 min, 1 user, load average: 1.05, 0.42, 0.15
Tasks: 74 total, 3 running, 71 sleeping, 0 stopped, 0 zombie
Cpu(s): 23.7%us, 76.3%sy, 0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si,
Mem: 1020240k total, 112264k used, 907976k free, 12516k buffer
Swap: 1015800k total, 0k used, 1015800k free, 42392k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1137 root 20 0 102m 696 576 R 90.9 0.1 0:11.38 dd
1135 root 20 0 102m 692 572 R 8.7 0.1 1:44.01 dd
1 root 20 0 19232 1492 1220 S 0.0 0.1 0:00.51 init
2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd
3 root RT 0 0 0 0 S 0.0 0.0 0:00.00 migration/0
4 root 20 0 0 0 0 S 0.0 0.0 0:00.00 ksoftirqd/0
5 root RT 0 0 0 0 S 0.0 0.0 0:00.00 migration/0
6 root RT 0 0 0 0 S 0.0 0.0 0:00.00 watchdog/0
11 root 20 0 0 0 0 S 0.0 0.0 0:00.15 events/0
13 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cgroup
14 root 20 0 0 0 0 S 0.0 0.0 0:00.00 khelper
15 root 20 0 0 0 0 S 0.0 0.0 0:00.00 netns
16 root 20 0 0 0 0 S 0.0 0.0 0:00.00 async/mgr
17 root 20 0 0 0 0 S 0.0 0.0 0:00.00 pm
18 root 20 0 0 0 0 S 0.0 0.0 0:00.00 sync_supers
19 root 20 0 0 0 0 S 0.0 0.0 0:00.00 bdi-default
20 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kintegrityd
22 root 20 0 0 0 0 S 0.0 0.0 0:00.01 kblockd/0
24 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kacpid
25 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kacpi_notif
26 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kacpi_hotpl
27 root 20 0 0 0 0 S 0.0 0.0 0:00.00 ata_aux
[root@server1 ~]#
3.io接口和freezer
[root@server1 cgroup]# cd blkio/
[root@server1 blkio]# ls
blkio.io_merged blkio.throttle.read_iops_device
blkio.io_queued blkio.throttle.write_bps_device
blkio.io_service_bytes blkio.throttle.write_iops_device
blkio.io_serviced blkio.time
blkio.io_service_time blkio.weight
blkio.io_wait_time blkio.weight_device
blkio.reset_stats cgroup.event_control
blkio.sectors cgroup.procs
blkio.throttle.io_service_bytes notify_on_release
blkio.throttle.io_serviced release_agent
blkio.throttle.read_bps_device tasks
[root@server1 blkio]# cat blkio.weight
1000
[root@server1 blkio]# vim /etc/security/limits.conf
[root@server1 blkio]# cat /etc/security/limits.conf
# /etc/security/limits.conf
#
#Each line describes a limit for a user in the form:
#
#<domain> <type> <item> <value>
#
#Where:
#<domain> can be:
# - an user name
# - a group name, with @group syntax
# - the wildcard *, for default entry
# - the wildcard %, can be also used with %group syntax,
# for maxlogin limit
#
#<type> can have the two values:
# - "soft" for enforcing the soft limits
# - "hard" for enforcing hard limits
#
#<item> can be one of the following:
# - core - limits the core file size (KB)
# - data - max data size (KB)
# - fsize - maximum filesize (KB)
# - memlock - max locked-in-memory address space (KB)
# - nofile - max number of open files
# - rss - max resident set size (KB)
# - stack - max stack size (KB)
# - cpu - max CPU time (MIN)
# - nproc - max number of processes
# - as - address space limit (KB)
# - maxlogins - max number of logins for this user
# - maxsyslogins - max number of logins on the system
# - priority - the priority to run user process with
# - locks - max number of file locks the user can hold
# - sigpending - max number of pending signals
# - msgqueue - max memory used by POSIX message queues (bytes)
# - nice - max nice priority allowed to raise to values: [-20, 19]
# - rtprio - max realtime priority
#
#<domain> <type> <item> <value>
#
#* soft core 0
#* hard rss 10000
#@student hard nproc 20
#@faculty soft nproc 20
#@faculty hard nproc 50
#ftp hard nproc 0
#@student - maxlogins 4
# End of file
hadoop hard nproc 100
hadoop hard nofile 100
[root@server1 blkio]# vim /etc/cgconfig.conf
[root@server1 ~]# cat /etc/cgconfig.conf
#
# Copyright IBM Corporation. 2007
#
# Authors: Balbir Singh <balbir@linux.vnet.ibm.com>
# This program is free software; you can redistribute it and/or modify it
# under the terms of version 2.1 of the GNU Lesser General Public License
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it would be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
# See man cgconfig.conf for further details.
#
# By default, mount all controllers to /cgroup/<controller>
mount {
cpuset = /cgroup/cpuset;
cpu = /cgroup/cpu;
cpuacct = /cgroup/cpuacct;
memory = /cgroup/memory;
devices = /cgroup/devices;
freezer = /cgroup/freezer;
net_cls = /cgroup/net_cls;
blkio = /cgroup/blkio;
}
group x1 {
memory {
memory.limit_in_bytes = 20480000;
memory.memsw.limit_in_bytes = 20480000;
}
}
group x2 {
cpu {
cpu.shares = 100;
}
}
group x3 {
blkio {
blkio.throttle.read_bps_device = "252:0 1000000";
}
}
group x4 {
freezer{
}
}
[root@server1 blkio]# cd
[root@server1 ~]# /etc/init.d/cgconfig restart
Stopping cgconfig service: [ OK ]
Starting cgconfig service: [ OK ]
[root@server1 ~]#
freezer
[root@server1 ~]# cd /cgroup/
[root@server1 cgroup]# ls
blkio cpu cpuacct cpuset devices freezer memory net_cls
[root@server1 cgroup]# cd freezer/
[root@server1 freezer]# ls
cgroup.event_control notify_on_release tasks
cgroup.procs release_agent
[root@server1 freezer]# vim /etc/cgconfig.conf
[root@server1 freezer]# cd
[root@server1 ~]# vim /etc/cgconfig.conf
[root@server1 ~]# /etc/init.d/cgconfig restart
Stopping cgconfig service: [ OK ]
Starting cgconfig service: [ OK ]
[root@server1 ~]# dd if=/dev/zero of=/dev/null &
[3] 1357
[root@server1 ~]# cd /cgroup/
[root@server1 cgroup]# ls
blkio cpu cpuacct cpuset devices freezer memory net_cls
[root@server1 cgroup]# cd freezer/
[root@server1 freezer]# ls
cgroup.event_control notify_on_release tasks
cgroup.procs release_agent x4
[root@server1 freezer]# cd x4/
[root@server1 x4]# ls
cgroup.event_control freezer.state tasks
cgroup.procs notify_on_release
[root@server1 x4]# echo 1357 > tasks
[root@server1 x4]# echo FROZEN > freezer.state
[root@server1 x4]# cat freezer.state
FROZEN
[root@server1 x4]# echo THAWED > freezer.state
[root@server1 x4]#
docker仓库管理
1.docker registry 是存储容器镜像的仓库,用户可以通过docker client 与docker registry 进行通信,以此来完成镜像搜索,上传,下载等服务。用户可以在自己的数据中心搭建自有的registry,也可以使用公有的docker官方的公用registry,即docker Hub。
[root@foundation16 ~]# systemctl start docker
[root@foundation16 ~]# docker images registry
REPOSITORY TAG IMAGE ID CREATED SIZE
registry 2.3.1 83139345d017 14 months ago 165.8 MB
[root@foundation16 ~]# cd /opt/
[root@foundation16 opt]# ls
auth kingsoft registry rh
[root@foundation16 opt]# cd registry/
[root@foundation16 docker]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6d83112bed2d rhel7:v6 "/usr/bin/supervisord" 17 hours ago Exited (0) 15 hours ago super
[root@foundation16 docker]# docker stop `docker ps -aq`
6d83112bed2d
[root@foundation16 docker]# docker rm `docker ps -aq`
6d83112bed2d
[root@foundation16 docker]# docker run -d -p 5000:5000 -v /opt/registry:/var/lib/registry registry:2.3.1 ##目录/var/lib/registry 是仓库存放镜像的位置。
39dedf0a7e2fbb077bae14521d861a55a620c85cf2d27d5109210be7b1e1ce3e
[root@foundation16 docker]# vim /etc/systemd/system/docker.service
[root@foundation16 registry]# cat /etc/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network.target docker.socket
Requires=docker.socket
[Service]
Type=notify
ExecStart=/usr/bin/docker daemon -H fd:// --bip 192.168.10.16/24 --insecure-registry 172.25.254.16:5000 ##默认docker仓库推送拉取走的是https协议,需要tls加密支持,需要添加这一行。
MountFlags=slave
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
TimeoutStartSec=0
[Install]
WantedBy=multi-user.target
[root@foundation16 docker]# systemctl status docker.servic
[root@foundation16 docker]# vim /etc/systemd/system/docker.service
[root@foundation16 docker]# systemctl daemon-reload
[root@foundation16 docker]# systemctl start docker
[root@foundation16 docker]# docker tag nginx 172.25.254.16:5000/nginx:v1
[root@foundation16 docker]# docker push 172.25.254.16:5000/nginx:v1 ##推送镜像到16仓库
[root@foundation16 docker]# docker run -d -p 5000:5000 -v /opt/registry:/var/lib/registry registry:2.3.1
6e995a8b63093c1d3e7b0ae956102331ff2b171cf7f3b5096ba02e2ea1d89e1e
[root@foundation16 docker]# ls
[root@foundation16 docker]# cd ..
[root@foundation16 registry]# docker tag nginx
[root@foundation16 registry]# docker tag nginx 172.25.254.16:5000/nginx:v1
[root@foundation16 registry]# docker push 172.25.254.16:5000/nginx:v1
The push refers to a repository [172.25.254.16:5000/nginx]
5f70bf18a086: Pushed
3f3324023e75: Pushed
f0d7d68f89e5: Pushed
917c0fc99b35: Pushed
v1: digest: sha256:65b585de947cd350f4021dc9f6cc6b5ab823191ca7f9be2168bc0a1fc389064d size: 1956
[root@foundation16 registry]# cd /opt/registry/
[root@foundation16 registry]# ls
docker
[root@foundation16 registry]# docker images nginx
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest af4b3d7d5401 14 months ago 190.5 MB
[root@foundation16 registry]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6e995a8b6309 registry:2.3.1 "/bin/registry /etc/d" 4 minutes ago Up 4 minutes 0.0.0.0:5000->5000/tcp silly_wing
[root@foundation16 registry]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
rhel7 v6 181387b39e5d 17 hours ago 221.6 MB
rhel7 v5 002946b572e7 17 hours ago 221.6 MB
rhel7 v4 9c9649a460b6 18 hours ago 217.8 MB
<none> <none> 2e7555f865d3 19 hours ago 217.8 MB
<none> <none> 923854ed560d 19 hours ago 217.8 MB
rhel7 v2 72432c2a4fe3 19 hours ago 205.3 MB
rhel7 v1 8954447a7830 20 hours ago 203.7 MB
<none> <none> 793a29a64157 20 hours ago 174.4 MB
rhel7 apache aa5dcb12c80b 10 days ago 201 MB
rhel7 yum 892cfe370f35 10 days ago 173 MB
172.25.254.16:5000/nginx v1 af4b3d7d5401 14 months ago 190.5 MB
nginx latest af4b3d7d5401 14 months ago 190.5 MB
registry 2.3.1 83139345d017 14 months ago 165.8 MB
ubuntu latest 07c86167cdc4 14 months ago 187.9 MB
redis latest 4f5f397d4b7c 14 months ago 177.5 MB
rhel7 latest 0a3eb3fde7fd 2 years ago 140.2 MB
[root@foundation16 registry]# docker rmi 172.25.254.16:5000/nginx:v1 ##删除已有的镜像
Untagged: 172.25.254.16:5000/nginx:v1
[root@foundation16 registry]# docker rmi 172.25.254.16:/nginx
Failed to remove image (172.25.254.16:/nginx): Error response from daemon: No such image: 172.25.254.16:/nginx:latest
[root@foundation16 registry]# docker rmi 172.25.254.16:/nginx:v1
Failed to remove image (172.25.254.16:/nginx:v1): Error response from daemon: No such image: 172.25.254.16:/nginx:v1:latest
[root@foundation16 registry]# docker images nginx
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest af4b3d7d5401 14 months ago 190.5 MB
[root@foundation16 registry]# docker rmi nginx
Untagged: nginx:latest
Deleted: sha256:af4b3d7d5401624ed3a747dc20f88e2b5e92e0ee9954aab8f1b5724d7edeca5e
Deleted: sha256:42d2184b31e555191b5329abd0c9a97f82fe8c51991f19017e90d657398488cf
Deleted: sha256:b9dfb6190c842c4dda3115b829b4157cf9859554090fca1c4c51f56f7a40eca6
Deleted: sha256:1a31d9de2c5959dfcc9ede61e0575b119a125c7a206a77b88c6dfbeec35829f1
Deleted: sha256:8cc268db9c78453fc2203f4b7005e0b3c7291ae63e3d9c874ba53e5be664c9b8
Deleted: sha256:5ae35615df0549b450258af03ec74a0f7996d8aa30df5eae7cea7f9b08ed4be4
Deleted: sha256:02ff90df226000c1386080f59bc06672a0c442ce1dd5769c294f443368c4deb4
[root@foundation16 registry]# docker pull 172.25.254.16:5000/nginx:v1
v1: Pulling from nginx
fdd5d7827f33: Already exists
a3ed95caeb02: Pull complete
716f7a5f3082: Pull complete
7b10f03a0309: Pull complete
Digest: sha256:65b585de947cd350f4021dc9f6cc6b5ab823191ca7f9be2168bc0a1fc389064d
Status: Downloaded newer image for 172.25.254.16:5000/nginx:v1
[root@foundation16 registry]# docker tag 172.25.254.16:5000/nginx:v1 nginx
[root@foundation16 registry]# docker rmi 172.25.254.16:5000/nginx:v1
Untagged: 172.25.254.16:5000/nginx:v1
[root@foundation16 registry]# docker images nginx
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest af4b3d7d5401 14 months ago 190.5 MB
[root@foundation16 registry]#
docker仓库认证机制:
[root@foundation16 registry]# curl 172.25.254.16:v2/_catalog
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /_catalog was not found on this server.</p>
</body></html>
[root@foundation16 registry]# curl 172.25.254.16:5000/v2/_catalog
{"repositories":["nginx"]}
[root@foundation16 registry]# ll /opt/auth/htpasswd
-rw-r--r-- 1 root root 68 Apr 30 15:02 /opt/auth/htpasswd
[root@foundation16 registry]# cat /opt/auth/htpasswd
admin:$2y$05$/w5zm/oF7vGh278WtDBbvu2s9IKf93vyB8qTlkY2qDBmrYgZuzbq6
[root@foundation16 registry]# docker run --entrypoint htpasswd registry:2.3.1 -Bbn admin westos >/opt/auth/htpasswd ##建立容器并且设置用户名为admin密码为westos
admin:$2y$05$M606BUDbbEBqRX3l0xrVGuL8DHRvKc5njYIDgTeh8SlA/XujL4iXC
[root@foundation16 registry]# docker run -d -p 5000:5000 --name registry-auth -v /opt/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" registry:2.3.1 ##registry的配置文件都存储在registry中的/etc/docker/registry/config.yml文件。可以通过命令来修改配置文件的参数。
60631b1150e48851a02cc2bc2b6fab3f4bf3a78f1924b7761af61f43f49c7a55
[root@foundation16 registry]# cd
[root@foundation16 ~]# cd .d
.dbus/ .docker/
[root@foundation16 ~]# cd .docker/
[root@foundation16 .docker]# ls
config.json
[root@foundation16 .docker]# rm -fr *
[root@foundation16 .docker]# cd ..
[root@foundation16 ~]# rm -fr .d
.dbus/ .docker/
[root@foundation16 ~]# rm -fr .docker/
[root@foundation16 ~]# docker login 172.25.254.16:5000
Username: admin
Password:
Email: bobo@qq.com
WARNING: login credentials saved in /root/.docker/config.json
Login Succeeded
root@foundation16 ~]# ssh root@172.25.16.1
The authenticity of host '172.25.16.1 (172.25.16.1)' can't be established.
RSA key fingerprint is f1:70:e1:81:78:dc:01:e9:63:ed:ed:b8:5c:05:b2:52.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.25.16.1' (RSA) to the list of known hosts.
root@172.25.16.1's password:
Last login: Thu May 11 11:08:53 2017
最后
以上就是粗犷橘子为你收集整理的docker cgroups 资源限制的全部内容,希望文章能够帮你解决docker cgroups 资源限制所遇到的程序开发问题。
如果觉得靠谱客网站的内容还不错,欢迎将靠谱客网站推荐给程序员好友。
发表评论 取消回复