Edition 1.0
1801 Varsity Drive
Raleigh, NC 27606-2072 USA
Phone: +1 919 754 3700
Phone: 888 733 4281
Fax: +1 919 754 3701
Mono-spaced Bold
To see the contents of the filemy_next_bestselling_novelin your current working directory, enter thecat my_next_bestselling_novelcommand at the shell prompt and press Enter to execute the command.
Press Enter to execute the command.Press Ctrl+Alt+F2 to switch to the first virtual terminal. Press Ctrl+Alt+F1 to return to your X-Windows session.
mono-spaced bold. For example:
File-related classes includefilesystemfor file systems,filefor files, anddirfor directories. Each class has its own associated set of permissions.
Choose → → from the main menu bar to launch Mouse Preferences. In the Buttons tab, click the Left-handed mouse check box and click to switch the primary mouse button from the left to the right (making the mouse suitable for use in the left hand).To insert a special character into a gedit file, choose → → from the main menu bar. Next, choose → from the Character Map menu bar, type the name of the character in the Search field and click . The character you sought will be highlighted in the Character Table. Double-click this highlighted character to place it in the Text to copy field and then click the button. Now switch back to your document and choose → from the gedit menu bar.
Mono-spaced Bold ItalicProportional Bold Italic
To connect to a remote machine using ssh, typesshat a shell prompt. If the remote machine isusername@domain.nameexample.comand your username on that machine is john, typessh john@example.com.Themount -o remountcommand remounts the named file system. For example, to remount thefile-system/homefile system, the command ismount -o remount /home.To see the version of a currently installed package, use therpm -qcommand. It will return a result as follows:package.package-version-release
Publican is a DocBook publishing system.
mono-spaced roman and presented thus:
books Desktop documentation drafts mss photos stuff svn books_tests Desktop1 downloads images notes scripts svgs
mono-spaced roman but add syntax highlighting as follows:
package org.jboss.book.jca.ex1; import javax.naming.InitialContext; public class ExClient { public static void main(String args[]) throws Exception { InitialContext iniCtx = new InitialContext(); Object ref = iniCtx.lookup("EchoBean"); EchoHome home = (EchoHome) ref; Echo echo = home.create(); System.out.println("Created Echo"); System.out.println("Echo.echo('Hello') = " + echo.echo("Hello")); } }
cgconfig (“control group config ”)
service can be configured to start up at boot time and reestablish your
predefined cgroups, thus making them persistent across reboots.
init
process, which is executed by the kernel at boot time and starts other
processes (which may in turn start child processes of their own).
Because all processes descend from a single parent, the Linux process
model is a single hierarchy, or tree.
init inherits the environment (such as the PATH variable)[1] and certain other attributes (such as open file descriptors) of its parent process.
blkio — this subsystem sets limits
on input/output access to and from block devices such as physical drives
(disk, solid state, USB, etc.).
cpu — this subsystem uses the scheduler to provide cgroup tasks access to the CPU.
cpuacct — this subsystem generates automatic reports on CPU resources used by tasks in a cgroup.
cpuset — this subsystem assigns individual CPUs (on a multicore system) and memory nodes to tasks in a cgroup.
devices — this subsystem allows or denies access to devices by tasks in a cgroup.
freezer — this subsystem suspends or resumes tasks in a cgroup.
memory — this subsystem sets limits
on memory use by tasks in a cgroup, and generates automatic reports on
memory resources used by those tasks.
net_cls — this subsystem tags network packets with a class identifier (classid) that allows the Linux traffic controller (tc) to identify packets originating from a particular cgroup task.
ns — the namespace subsystem
cpu) can be attached to at most one hierarchy.
cpu subsystem can never be attached to two different hierarchies.
cpu and memory
subsystems (or any number of subsystems) can be attached to a single
hierarchy, as long as each one is not attached to any other hierarchy.
cpu and memory subsystems are attached to a hierarchy named cpu_and_mem, and the net_cls subsystem is attached to a hierarchy named net, then a running httpd process could be a member of any one cgroup in cpu_and_mem, and any one cgroup in net.
cpu_and_mem that the http
process is a member of might restrict its CPU time to half of that
allotted to other processes, and limit its memory usage to a maximum of 1024 MB. Additionally, the cgroup in net that it is a member of might limit its transmission rate to 30 megabytes per second.
httpd task that is a member of the cgroup named half_cpu_1gb_max in the cpu_and_mem hierarchy, and a member of the cgroup trans_rate_30 in the net hierarchy. When that httpd process forks itself, its child process automatically becomes a member of the half_cpu_1gb_max cgroup, and the trans_rate_30 cgroup. It inherits the exact same cgroups its parent task belongs to.
~]# yum install libcgroupchkconfig, it reads the control group configuration file — /etc/cgconfig.conf.
Control groups are therefore recreated from session to session and
become persistent. Depending on the contents of the configuration file, cgconfig can create hierarchies, mount necessary file systems, create control groups, and set subsystem parameters for each group.
cgconfig.conf file installed with the libcgroup package creates and mounts an individual hierarchy for each subsystem, and attaches the subsystems to these hierarchies.
service cgconfig stop), it unmounts all the hierarchies that it mounted.
cgconfig.conf file contains two major types of entry — mount and group. Mount entries create and mount hierarchies as virtual filesystems, and attach subsystems to those hierarchies. For example:
mount {
cpuset = /cgroup/cpuset;
}
cpuset subsystem, the equivalent of the shell commands:
mkdir /cgroup/cpusetmount -t cgroup -o cpuset cpuset /cgroup/cpuset
group daemons/sql {
perm {
task {
uid = root;
gid = sqladmin;
} admin {
uid = root;
gid = root;
}
} cpuset {
cpuset.cpus = 0-3;
}
}
sqladmin group to add tasks to the control group and the root
user to modify subsystem parameters. When combined with the example of
the mount entry above, the equivalent shell commands are:
mkdir -p /cgroup/cpu/daemons/sqlchown root:root /cgroup/cpu/daemons/sql/*chown root:sqladmin /cgroup/cpu/daemons/sql/tasksecho 0-3 > /cgroup/cpu/daemons/sql/cpuset.cpus
/etc/cgconfig.conf. The # symbols at the start of each line comment that line out and make it invisible to the cgconfig service.
mount section of the /etc/cgconfig.conf file as root. Entries in the mount section have the following format:
subsystem= /cgroup/hierarchy;
cpu_and_mem and attaches the cpu, cpuset, cpuacct, and memory subsystems to it.
mount {
cpuset = /cgroup/cpu_and_mem;
cpu = /cgroup/cpu_and_mem;
cpuacct = /cgroup/cpu_and_mem;
memory = /cgroup/cpu_and_mem;
}~]# mkdir /cgroup/name~]# mkdir /cgroup/cpu_and_memmount command to mount the hierarchy and simultaneously attach one or more subsystems. For example:
mount -t cgroup -o subsystems name /cgroup/namesubsystems is a comma-separated list of subsystems and name is the name of the hierarchy. Brief descriptions of all available subsystems are listed in Available Subsystems in Red Hat Enterprise Linux, and Chapter 3, Subsystems and Tunable Parameters provides a detailed reference.
/cgroup/cpu_and_mem already exists, which will serve as the mount point for the hierarchy that we create. We will attach the cpu, cpuset and memory subsystems to a hierarchy we name cpu_and_mem, and mount the cpu_and_mem hierarchy on /cgroup/cpu_and_mem:
~]# mount -t cgroup -o cpu,cpuset,memory cpu_and_mem /cgroup/cpu_and_memlssubsys [3] command:
~]# lssubsys -am
cpu,cpuset,memory /cgroup/cpu_and_mem
net_cls
ns
cpu
cpuacct
devices
freezer
blkiocpu, cpuset and memory subsystems are attached to a hierarchy mounted on /cgroup/cpu_and_mem, and
net_cls, ns, cpu, cpuacct, devices, freezer and blkio subsystems are as yet unattached to any hierarchy, as illustrated by the lack of a corresponding mount point.
mount section of the /etc/cgconfig.conf file as root, using the same syntax described in Section 2.2, “Creating a Hierarchy and Attaching Subsystems”. When cgconfig next starts, it will reorganize the subsystems according to the hierarchies that you specify.
mount command, together with the remount option.
lssubsys command shows cpu, cpuset, and memory subsystems attached to the cpu_and_mem hierarchy:
~]# lssubsys -am
cpu,cpuset,memory /cgroup/cpu_and_mem
net_cls
ns
cpu
cpuacct
devices
freezer
blkiocpu_and_mem hierarchy, using the remount option, and including cpuacct in the list of subsystems:
~]# mount -t cgroup -o remount,cpu,cpuset,cpuacct,memory cpu_and_mem /cgroup/cpu_and_memlssubsys command now shows cpuacct attached to the cpu_and_mem hierarchy:
~]# lssubsys -am
cpu,cpuacct,cpuset,memory /cgroup/cpu_and_mem
net_cls
ns
devices
freezer
blkiocpuacct subsystem, simply remount and omit it:
~]# mount -t cgroup -o remount,cpu,cpuset,memory cpu_and_mem /cgroup/cpu_and_memumount command:
~]# umount /cgroup/name~]# umount /cgroup/cpu_and_memcgclear command which can deactivate a hierarchy even when it is not empty — refer to Section 2.11, “Unloading Groups”.
cgcreate command to create cgroups. The syntax for cgcreate is: cgcreate -t uid:gid -a uid:gid -g subsystems:path , where:
-t (optional) — specifies a user (by user ID, uid) and a group (by group ID, gid) to own the tasks pseudofile for this control group. This user can add tasks to the control group.
-a (optional) — specifies a user (by user ID, uid) and a group (by group ID, gid) to own all pseudofiles other than tasks for this control group. This user can modify the access that the tasks in this control group have to system resources.
-g — specifies the hierarchy in which the cgroup should be created, as a comma-separated list of the subsystems
associated with those hierarchies. If the subsystems in this list are
in different hierarchies, the group is created in each of these
hierarchies. The list of hierarchies is followed by a colon and the path to the child group relative to the hierarchy. Do not include the hierarchy mount point in the path.
/cgroup/cpu_and_mem/lab1/ is called just lab1
— its path is already uniquely determined because there is at most one
hierarchy for a given subsystem. Note also that the group is controlled
by all the subsystems that exist in the hierarchies in which the cgroup
is created, even though these subsystems have not been specified in the cgcreate command — refer to Example 2.3, “cgcreate usage”.
cpu and memory subsystems are mounted together in the cpu_and_mem hierarchy, and the net_cls controller is mounted in a separate hierarchy called net. We now run:
cgcreate -g cpu,net_cls:/test-subgroupcgcreate command creates two groups named test-subgroup, one in the cpu_and_mem hierarchy and one in the net hierarchy. The test-subgroup group in the cpu_and_mem hierarchy is controlled by the memory subsystem, even though we did not specify it in the cgcreate command.
mkdir command:
mkdir /cgroup/hierarchy/name/child_namemkdir /cgroup/cpuset/lab1/group1cgdelete, which has a syntax similar to that of cgcreate. Run: cgdelete subsystems:path, where:
subsystems is a comma-separated list of subsystems.
path is the path to the cgroup relative to the root of the hierarchy.
cgdelete cpu,net_cls:/test-subgroupcgdelete can also recursively remove all subgroups with the option -r.
cgset command from a user account with permission to modify the relevant control group. For example, if /cgroup/cpuset/group1 exists, specify the CPUs to which this group has access with the following command:
cgset -r cpuset.cpus=0-1 group1cgset is: cgset -r parameter=value path_to_cgroup , where:
parameter is the parameter to be set, which corresponds to the file in the directory of the given cgroup
value is the value for the parameter
path_to_cgroup is the path to the control group relative to the root of the hierarchy. For example, to set the parameter of the root group, run:
$cgset -r cpuset.cpus=1 /
. is relative to the root group (that is, the root group itself) you could also run:
$cgset -r cpuset.cpus=1 .
/ is the preferred syntax.
group1, which is a subgroup of the root group, run:
$cgset -r cpuset.cpus=1 group1
cpuset.cpus=1 group1/) is optional.
cgset might depend on values set higher in a particular hierarchy. For example, if group1 is limited to use only CPU 0 on a system, you cannot set group1/subgroup1 to use CPUs 0 and 1, or to use only CPU 1.
cgset to copy the parameters of one cgroup into another, existing cgroup. For example:
cgset --copy-from group1/ group2/cgset is: cgset --copy-from path_to_source_cgroup path_to_target_cgroup , where:
path_to_source_cgroup is the path to the control group whose parameters are to be copied, relative to the root group of the hierarchy
path_to_target_cgroup is the path to the destination control group, relative to the root group of the hierarchy
echo command. For example, this command inserts the value 0-1 into the cpuset.cpus pseudofile of the control group group1:
echo 0-1 > /cgroup/cpuset/group1/cpuset.cpuscgclassify command:
cgclassify -g cpu,memory:group1 1701cgclassify is: cgclassify -g subsystems:path_to_cgroup pidlist, where:
subsystems is a comma-separated list of subsystems, or *
to launch the process in the hierarchies associated with all available
subsystems. Note that if control groups of the same name exist in
multiple hierarchies, the -g option moves
the processes in each of those groups. Ensure that the cgroup exists
within each of the hierarchies whose subsystems you specify here.
path_to_cgroup is the path to the control group within its hierarchies
pidlist is a space-separated list of process identifier (PIDs)
--sticky option before the pid to keep any child processes in the same control group. If you do not set this option and the cgred daemon is running, child processes will be allocated to control groups based on the settings found in /etc/cgrules.conf. The process itself, however, will remain in the control group in which you started it.
cgclassify, you can move several processes simultaneously. For example, this command moves the processes with PIDs 1701 and 1138 into control group group1/:
cgclassify -g cpu,memory:group1 1701 1138tasks file of the control group. For example, to move a process with the PID 1701 into a control group at /cgroup/lab1/group1/:
echo 1701 > /cgroup/lab1/group1/tasks/etc/cgrules.conf file. Entries in the /etc/cgrules.conf file can take one of the two forms:
user hierarchies control_group
user:command hierarchies control_group
maria devices /usergroup/staff
maria access the devices subsystem according to the parameters specified in the /usergroup/staff control group. To associate particular commands with particular control groups, add the command parameter, as follows:
maria:ftp devices /usergroup/staff/ftp
maria uses the ftp command, the process is automatically moved to the /usergroup/staff/ftp control group in the hierarchy that contains the devices
subsystem. Note, however, that the daemon moves the process to the
control group only after the appropriate condition is fulfilled.
Therefore, the ftp process might run for a
short time in the wrong group. Furthermore, if the process quickly
spawns children while in the wrong group, these children might not be
moved.
/etc/cgrules.conf file can include the following extra notation:
@ — when prefixed to user, indicates a group instead of an individual user. For example, @admins are all users in the admins group.
* — represents "all". For example, * in the subsystem field represents all subsystems.
% — represents an item the same as the item in the line above. For example:
@adminstaff devices /admingroup @labstaff % %
cpuset controller, cpuset.cpus and cpuset.mems must be defined.
cgexec command. For example, this command launches the lynx web browser within the group1 control group, subject to the limitations imposed on that group by the cpu subsystem:
cgexec -g cpu:group1 lynx http://www.redhat.comcgexec is: cgexec -g subsystems:path_to_cgroup command arguements , where:
subsystems is a comma-separated list of subsystems, or * to launch the process in the hierarchies associated with all available subsystems. Note that, as with cgset described in Section 2.7, “Setting Parameters”, if control groups of the same name exist in multiple hierarchies, the -g
option creates processes in each of those groups. Ensure that the
cgroup exists within each of the hierarchies whose subsystems you
specify here.
path_to_cgroup is the path to the control group relative to the hierarchy.
command is the command to run
arguements are any arguements for the command
--sticky option before the command to keep any child processes in the same control group. If you do not set this option and the cgred daemon is running, child processes will be allocated to control groups based on the settings found in /etc/cgrules.conf. The process itself, however, will remain in the control group in which you started it.
echo $$ > /cgroup/lab1/group1/taskslynx
group1 control group. Therefore, an even better way would be:
sh -c "echo \$$ > /cgroup/lab1/group1/tasks && lynx"/etc/sysconfig/servicename file
daemon() function from /etc/init.d/functions to start the service
/etc/sysconfig directory to include an entry in the form CGROUP_DAEMON="subsystem:control_group" where subsystem is a subsystem associated with a particular hierarchy, and control_group is a control group in that hierarchy. For example:
CGROUP_DAEMON="cpuset:daemons/sql"
ps -O cgroupcat /proc/PID/cgroupcat /proc/cgroupslssubsys -m subsystemssubsystems is a list of the subsystems in which you are interested.
/cgroup. Assuming this is the case on your system, list or browse the contents of that directory to obtain a list of hierarchies. If tree is installed on your system, run it to obtain an overview of all hierarchies and the control groups within them:
tree /cgrouplscgroupcontroller:pathlscgroup cpuset:adminusersadminusers control group in the hierarchy to which the cpuset subsystem is attached.
cgget -r parameter list_of_cgroupsparameter is a pseudofile that contains values for a subsystem, and list_of_cgroups is a list of control groups separated with spaces. For example:
cgget -r cpuset.cpus -r memory.limit_in_bytes lab1 lab2cpuset.cpus and memory.limit_in_bytes for control groups lab1 and lab2.
cgget -g cpuset /cgclear command destroys all
control groups in all hierarchies. If you do not have these hierarchies
stored in a configuration file, you will not be able to readily
reconstruct them.
cgclear command.
man 1 cgclassify — the cgclassify command is used to move running tasks to one or more cgroups.
man 1 cgclear — the cgclear command is used to delete all cgroups in a hierarchy.
man 5 cgconfig.conf — cgroups are defined in the cgconfig.conf file.
man 8 cgconfigparser — the cgconfigparser command parses the cgconfig.conf file and mounts hierarchies.
man 1 cgcreate — the cgcreate command creates new cgroups in hierarchies.
man 1 cgdelete — the cgdelete command removes specified cgroups.
man 1 cgexec — the cgexec command runs tasks in specified cgroups.
man 1 cgget — the cgget command displays cgroup parameters.
man 5 cgred.conf — cgred.conf is the configuration file for the cgred service.
man 5 cgrules.conf — cgrules.conf contains the rules used for determining when tasks belong to certain cgroups.
man 8 cgrulesengd — the cgrulesengd service distributes tasks to cgroups.
man 1 cgset — the cgset command sets parameters for a cgroup.
man 1 lscgroup — the lscgroup command lists the cgroups in a hierarchy.
man 1 lssubsys — the lssubsys command lists the hierarchies containing the specified subsystems.
[3]
The lssubsys command is one of the utiilties provided by the libcgroup package. You must install libcgroup to use it: refer to Chapter 2, Using Control Groups if you are unable to run lssubsys.
cgroups.txt in the kernel documentation, installed on your system at /usr/share/doc/kernel-doc-kernel-version/Documentation/cgroups/. The latest version of the cgroups documentation is also available on line at http://www.kernel.org/doc/Documentation/cgroups/cgroups.txt.
Note, however, that the features in the latest documentation might not
match those available in the kernel installed on your system.
cpuset.cpus is a pseudofile that specifies which CPUs a control group is permitted to access. If /cgroup/cpuset/webserver is a control group for the web server that runs on a system, and we run the following command:
~]# echo 0,2 > /cgroup/cpuset/webserver/cpuset.cpus0,2 is written to the cpuset.cpus pseudofile and therefore limits any tasks whose PIDs are listed in /cgroup/cpuset/webserver/tasks to use only CPU 0 and CPU 2 on the system.
blkio subsystem controls and
monitors access to I/O on block devices by tasks in control groups.
Writing values to some of these pseudofiles limits access or bandwidth,
and reading values from some of these pseudofiles provides information
on I/O operations.
100 to 1000. This value is overriden for specific devices by the blkio.weight_device parameter.For example, to assign a default weight of 500 to a control group for access to block devices, run:
echo 500 > blkio.weight100 to 1000. The value of this parameter overrides the value of blkio.weight for the devices specified. Values take the format major:minor weight, where major and minor are device types and node numbers specified in Linux Allocated Devices, otherwise known as the Linux Devices List and available from http://www.kernel.org/doc/Documentation/devices.txt. For example, to assign a weight of 500 to a control group for access to /dev/sda, run:
echo 8:0 500 > blkio.weight_device8:0 represents /dev/sda.
major, minor, and time. Major and minor are device types and node numbers specified in Linux Allocated Devices, and time is the length of time in milliseconds (ms).
major, minor, and sectors. Major and minor are device types and node numbers specified in Linux Allocated Devices, and sectors is the number of disk sectors.
major, minor, operation, and bytes. Major and minor are device types and node numbers specified in Linux Allocated Devices, operation represents the type of operation (read, write, sync, or async) and bytes is the number of bytes transferred.
major, minor, operation, and bytes. Major and minor are device types and node numbers specified in Linux Allocated Devices, operation represents the type of operation (read, write, sync, or async) and number represents the number of operations.
major, minor, operation, and bytes. Major and minor are device types and node numbers specified in Linux Allocated Devices, operation represents the type of operation (read, write, sync, or async) and time
is the length of time in nanoseconds (ns). The time is reported in
nanoseconds rather than a larger unit so that this report is meaningful
even for solid-state devices.
blkio.group_wait_time.
queue_depth >
1, the time reported only includes the time until the request is
dispatched to the device, not any time spent waiting for service while
the device re-orders requests.
major, minor, operation, and bytes. Major and minor are device types and node numbers specified in Linux Allocated Devices, operation represents the type of operation (read, write, sync, or async) and time
is the length of time in nanoseconds (ns). The time is reported in
nanoseconds rather than a larger unit so that this report is meaningful
even for solid-state devices.
number and operation. Number is the number of requests, and operation represents the type of operation (read, write, sync, or async).
number and operation. Number is the number of requests, and operation represents the type of operation (read, write, sync, or async).
CONFIG_DEBUG_BLK_CGROUP=y is set on the system.
CONFIG_DEBUG_BLK_CGROUP=y is set on the system.
CONFIG_DEBUG_BLK_CGROUP=y is set on the system.
CONFIG_DEBUG_BLK_CGROUP=y is set on the system.
major, minor, and number. Major and minor are device types and node numbers specified in Linux Allocated Devices, and number is the number of requests the group was dequeued. Note that this report is available only if CONFIG_DEBUG_BLK_CGROUP=y is set on the system.
cpu subsystem schedules CPU
access to control groups. Access to CPU resources can be scheduled
according to the following parameters, each one in a separate pseudofile within the control group virtual file system:
cpu.shares set to 1 will receive equal CPU time, but tasks in a control group that has cpu.shares set to 2 receive twice the CPU time of tasks in a control group where cpu.shares is set to 1.
cpu.rt_runtime_us to 4000000 and cpu.rt_period_us to 5000000.
cpu.rt_runtime_us to 4000000 and cpu.rt_period_us to 5000000.
cpuacct subsystem generates
automatic reports on CPU resources used by the tasks in a control group,
including tasks in child groups. Three reports are available:
USER_HZ on the system) consumed by tasks in this control group and its children in both user mode and system (kernel) mode.
cpuset subsystem assigns
individual CPUs and memory nodes to control groups. Each cpuset can be
specified according to the following parameters, each one in a separate pseudofile within the control group virtual file system:
-") to represent ranges. For example,
0-2,16
-") to represent ranges. For example,
0-2,16
0 or 1) that specifies whether a page in memory should migrate to a new node if the values in cpuset.mems change. By default, memory migration is disabled (0)
and pages stay on the node to which they were originally allocated,
even if this node is no longer one of the nodes now specified in cpuset.mems. If enabled (1), the system will migrate pages to memory nodes within the new parameters specified by cpuset.mems, maintaining their relative placement if possible — for example, pages on the second node on the list originally specified by cpuset.mems will be allocated to the second node on the list now specified by cpuset.mems, if this place is available.
0 or 1)
that specifies whether cpusets other than this one and its parents and
children can share the CPUs specified for this cpuset. By default (0), CPUs are not allocated exclusively to one cpuset.
0 or 1) that specifies whether other cpusets can share the memory nodes specified for this cpuset. By default (0), memory nodes are not allocated exclusively to one cpuset. Reserving memory nodes for the exclusive use of a cpuset (1) is functionally the same as enabling a memory hardwall with cpuset.mem_hardwall.
0 or 1)
that specifies whether kernel allocations of memory page and buffer
data should be restricted to the memory nodes specified for this cpuset.
By default (0), page and buffer data is shared across processes belonging to multiple users. With a hardwall enabled (1), each tasks's user allocation can be kept separate.
cpuset.memory_pressure_enabled is enabled, otherwise, the pseudofile contains the value 0.
0 or 1) that specifies whether the system should compute the memory pressure created by the processes in this control group. Computed values are output to cpuset.memory_pressure
and represent the rate at which processes attempt to free in-use
memory, reported as an integer value of attempts to reclaim memory per
second, multiplied by 1000.
0 or 1)
that specifies whether file system buffers should be spread evenly
across the memory nodes allocated to this cpuset. By default (0),
no attempt is made to spread memory pages for these buffers evenly, and
buffers are placed on the same node on which the process that created
them is running.
0 or 1)
that specifies whether kernel slab caches for file input/output
operations should be spread evenly across the cpuset. By default (0),
no attempt is made to spread kernel slab caches evenly, and slab caches
are placed on the same node on which the process that created them is
running.
0 or 1) that specifies whether the kernel will balance loads across the CPUs in this cpuset. By default (1), the kernel balances loads by moving processes from overloaded CPUs to less heavily used CPUs.
-1 and a
small positive value, which represents the width of the range of CPUs
across which the kernel should attempt to balance loads. This value is
meaningless if cpuset.sched_load_balance is disabled.
| Value | Effect |
|---|---|
-1 | Use the system default value for load balancing |
0 | Do not perform immediate load balancing; balance loads only periodically |
1 | Immediately balance loads across threads on the same core |
2 | Immediately balance loads across cores in the same package |
3 | Immediately balance loads across CPUs on the same node or blade |
4 | Immediately balance loads across several CPUs on architectures with non-uniform memory access (NUMA) |
5 | Immediately balance loads across all CPUs on architectures with NUMA |
devices subsystem allows or denies access to devices by tasks in a control group.
devices subsystem is considered to be a Technology Preview in Red Hat Enterprise Linux 6.
type, major, minor, and access. The values used in the type, major, and minor fields correspond to device types and node numbers specified in Linux Allocated Devices, otherwise known as the Linux Devices List and available from http://www.kernel.org/doc/Documentation/devices.txt.
type can have one of the following three values:
a — applies to all devices, both character devices and block devices
b — specifies a block device
c — specifies a character device
major and minor are device node numbers specified by Linux Allocated Devices. The major and minor numbers are separated by a colon. For example, 8 is the major number that specifies SCSI disk drives, and the minor number 1 specifies the first partition on the first SCSI disk drive; therefore 8:1 fully specifies this partition, corresponding to a file system location of /dev/sda1.
* can stand for all major or all minor device nodes, for example 9:* (all RAID devices) or *:* (all devices).
access is a sequence of one or more of the following letters:
r — allows tasks to read from the specified device
w — allows tasks to write to the specified device
m — allows tasks to create device files that do not yet exist
access is specified as r, tasks can only read from the specified device, but when access is specified as rw, tasks can read from and write to the device.
devices.allow.
freezer subsystem suspends or resumes tasks in a control group.
freezer.state has three possible values:
FROZEN — tasks in the control group are suspended.
FREEZING — the system is in the process of suspending tasks in the control group.
THAWED — tasks in the control group have resumed.
FROZEN and THAWED values can be written to freezer.state, FREEZING cannot be written, only read.
memory subsystem generates
automatic reports on memory resources used by the tasks in a control
group, and sets limits on memory use by those tasks:
| Statistic | Description |
|---|---|
cache
|
page cache, including tmpfs (shmem), in bytes
|
rss
|
anonymous and swap cache, not including tmpfs (shmem), in bytes
|
mapped_file
|
size of memory-mapped mapped files, including tmpfs (shmem), in bytes
|
pgpgin
| number of pages paged into memory |
pgpgout
| number of pages paged out of memory |
swap
| swap usage, in bytes |
active_anon
|
anonymous and swap cache on active least-recently-used (LRU) list, including tmpfs (shmem), in bytes
|
inactive_anon
|
anonymous and swap cache on inactive LRU list, including tmpfs (shmem), in bytes
|
active_file
| file-backed memory on active LRU list, in bytes |
inactive_file
| file-backed memory on inactive LRU list, in bytes |
unevictable
| memory that cannot be reclaimed, in bytes |
hierarchical_memory_limit
|
memory limit for the hierarchy that contains the memory cgroup, in bytes
|
hierarchical_memsw_limit
|
memory plus swap limit for the hierarchy that contains the memory cgroup, in bytes
|
hierarchical_memory_limit and hierarchical_memsw_limit has a counterpart prefixed total_ that reports not only on the control group, but on all its children as well. For example, swap reports the swap usage by a control group and total_swap reports the total swap usage by the control group and all its child groups.
memory.stat, note how the various statistics inter-relate:
active_anon + inactive_anon = anonymous memory + file cache for tmpfs + swap cache
active_anon + inactive_anon ≠ rss, because rss does not include tmpfs.
active_file + inactive_file = cache - size of tmpfs
k or K for kilobytes, m or M for Megabytes, and g or G for Gigabytes.
memory.limit_in_bytes to limit the root control group; you can only apply values to groups lower in the hierarchy.
-1 to memory.limit_in_bytes to remove any existing limits.
k or K for kilobytes, m or M for Megabytes, and g or G for Gigabytes.
memory.memsw.limit_in_bytes to limit the root control group; you can only apply values to groups lower in the hierarchy.
-1 to memory.memsw.limit_in_bytes to remove any existing limits.
memory.limit_in_bytes.
memory.memsw.limit_in_bytes.
0, empties memory of all
pages used by tasks in this control group. This interface can only be
used when the control group has no tasks. If memory cannot be freed, it
is moved to a parent control group if possible. Use memory.force_empty before removing a control group to avoid moving out-of-use page caches to its parent control group.
/proc/sys/vm/swappiness for the system as a whole. The default value is 60. Values lower than 60 decrease the kernel's tendency to swap out process memory, values greater than 60 increase the kernel's tendency to swap out process memory, and values greater than 100 permit the kernel to swap out pages that are part of the address space of the processes in this control group.
0 does not
prevent process memory being swapped out; swap out might still happen
when there is a shortage of system memory because the global virtual
memory management logic does not read the cgroup value. To lock pages
completely, use mlock() instead of cgroups.
/proc/sys/vm/swappiness.
0 or 1) that specifies whether memory usage should be accounted for throughout a hierarchy of control groups. If enabled (1), the memory controller reclaims memory from the children of and process that exceeds its memory limit. By default (0), the controller does not reclaim memory from a task's children.
net_cls subsystem tags network packets with a class identifier (classid) that allows the Linux traffic controller (tc)
to identify packets originating from a particular control group. The
traffic controller can be configured to assign different priorities to
packets from different control groups.
net_cls.classid contains a single value in hexadecimal format that indicates a traffic control handle. For example, 0x100001 represents the handle conventionally written as 10:1 in the format used by iproute2.
0xAAAABBBB, where AAAA is the major number in hexadecimal and BBBB is the minor number in hexadecimal. You can omit any leading zeroes; 0x10001 is the same as 0x00010001, and represents 1:1.
net_cls adds to network packets.
ns subsystem provides a way to group processes into separate namespaces.
Within a particular namespace, processes can interact with each other
but are isolated from processes running in other namespaces. These
separate namespaces are sometimes referred to as containers when used for operating-system-level virtualization.
/usr/share/doc/kernel-doc-<kernel_version>/Documentation/cgroups/ directory.
blkio subsystem — blkio-controller.txt
cpuacct subsystem — cpuacct.txt
cpuset subsystem — cpusets.txt
devices subsystem — devices.txt
freezer subsystem — freezer-subsystem.txt
memory subsystem — memory.txt