docker cgroup - [docker cookbook] 读书笔记 2
Control Groups (cgroups) provide resource limitations and accounting for containers. From the Linux Kernel documentation:
Control Groups provide a mechanism for aggregating/partitioning sets
of tasks, and all their future children, into hierarchical groups with
specialized behaviour.
In simple terms, they can be compared to the ulimit shell command or the setrlimit system call. Instead of setting the resource limit to a single process, cgroups allow the limiting of resources to a group of processes.
Control groups are split into different subsystems, such as CPU, CPU sets, memory block I/O, and so on. Each subsystem can be used independently or can be grouped with others. The features that cgroups provide are:
- Resource limiting: For example, one cgroup can be bound to specific
CPUs, so all processes in that group would run off given CPUs only - Prioritization: Some groups may get a larger share of CPUs
- Accounting: You can measure the resource usage of different
subsystems for billing - Control: Freezing and restarting groups
Some of the subsystems that can be managed by cgroups are as follows:
- blkio: It sets I/O access to and from block devices such as disk,
SSD, and so on - Cpu: It limits access to CPU
- Cpuacct: It generates CPU resource utilization
- Cpuset: It assigns the CPUs on a multicore system to tasks in a
cgroup - Devices: It devises access to a set of tasks in a cgroup
- Freezer: It suspends or resumes tasks in a cgroup
- Memory: It sets limits on memory use by tasks in a cgroup
There are multiple ways to control work with cgroups. Two of the most popular ones are accessing the cgroup virtual filesystem manually and accessing it with the libcgroup library.