Definition Of “Control Groups” What cgroups are?
Control Groups, or short-cgroups are a part of the Linux kernel, the use of resources by processes restrict and monitor. They play in resource Management and Container-virtualization an important role.
CompaniesCgroups have been introduced for the Management of resources and the process of Isolation under Linux.
Linux brought with him from the beginning, a variety of mechanisms to control the use of System resources by processes. However, tools and configuration files, such as nice, ionice, cpulimit, and /etc/security/limits.conf operate inconsistently and are not flexible enough.Modern Cloud platforms with technologies such as containers and virtual servers require more efficient methods for resource Management, and process Isolation.
Cgroups were developed in 2006 by a few programmers at Google, to deliver solutions for a number of different use cases. Since January 2008, published in Kernel Version 2.6.24 cgroups are an integral part of the Linux kernel.
How does it work cgroups?
Processes or Tasks are organized under Linux, from the outset, hierarchically. Each Task must be started by another. He inherits several properties, such as Nice Level and I/O priority of the calling process. Similarly, Control Groups are hierarchically structured groups of processes. A major difference is that there can be multiple groups, hierarchies, while only a process-tree exists.
By using cgroups can be associated processes group, for example, to work in teams, Software containers or virtual servers. In this way, control can be groups of different subsystems for the resource Management associated with it. Each Subsystem (resource controller called) corresponds to a Kernel-managed resource.
Among the most important subsystems:
- cpu: limited or prioritize the CPU usage by the processes in a group.
- cpuset: specifies which processor the Tasks cores are allowed to run.
- blkio: limited access to block devices, such as storage media.
- devices: controls which Hardware devices are used.
- memory: limited storage requirements.
- net_prio: limits the data throughput of the network connections.
- cpuacct: the used processor measures the time for analyses and reports.
- perf_event: enables Performance analysis.
Resource Management with cgroups
Control Groups provide several methods to Set up, Configure and control groups. On the one hand, the Kernel exports a virtual directory tree under “/sys/fs/cgroup/”. Here, the groups with the classic Unix commands, such as “mkdir”, “rmdir” and “mv” create, remove, or rename. Processes to groups and subsystems can be written to the Pid of the Task by “echo” or “printf” in the appropriate files. In the same way, Limits can be set.
Convenient management via systemd or libcgroup is. Both provide commands for dealing with cgroups, such as systemd-cgls, systemd-run and systemd-cgtop, respectively, cgcreate, cgexec, and cgclassify. Furthermore, a permanent control groups with configuration files such as /etc/cgconfig.conf, or Systemd-Unit-create Files. The latter is also the Application Developer’s interesting. You can offer for your applications, system services or Software Container Unit-Files with presets.
Areas of use of Control Groups
Cgroups solve in a unified way a number of different problems. On a private PC or a company Workstations, compute – and memory-intensive programs such as web browsers, Computer Algebra systems, or scientific simulation applications for better control. Likewise, they allow a precise distribution of the scarce resources of Smart Devices, IoT devices and other Embedded Devices.
For the full development of control groups for servers and Container-virtualization. Often several services such as web servers, databases, and application servers run on a System, and in the case of virtual Hosting, multiple Users share the same Hardware. Here it needs today more than the rudimentary or wasteful methods of isolation and resource distribution through chroot cages and nice, respectively, virtual machines turning.
Control groups provide a fine-grained System for the allocation and Monitoring of various equipment. Using the Accounting function tariffs on the Basis of the consumed resources for virtual servers, and SaaS systems can implement.
Control Groups can be combined with Kernel Namespaces, Capabilities and security enhancements, such as SELinux or AppArmor. Although the resulting Isolation is less strict than in the case of full virtualization is sufficient in many cases. Container technologies such as Docker, Snap, LXC and libvirt are all based on this combination.