Английская Википедия:Cgroups

Шаблон:Short description Шаблон:Redirect Шаблон:Use dmy dates Шаблон:Lowercase title Шаблон:Infobox software

cgroups (abbreviated from control groups) is a Linux kernel feature that limits, accounts for, and isolates the resource usage (CPU, memory, disk I/O, etc.^[1]) of a collection of processes.

Engineers at Google started the work on this feature in 2006 under the name "process containers".^[2] In late 2007, the nomenclature changed to "control groups" to avoid confusion caused by multiple meanings of the term "container" in the Linux kernel context, and the control groups functionality was merged into the Linux kernel mainline in kernel version 2.6.24, which was released in January 2008.^[3] Since then, developers have added many new features and controllers, such as support for kernfs in 2014,^[4] firewalling,^[5] and unified hierarchy.^[6] cgroup v2 was merged in Linux kernel 4.5^[7] with significant changes to the interface and internal functionality.^[8]

Versions

Шаблон:Cleanup

There are two versions of cgroups.

Cgroups was originally written by Paul Menage and Rohit Seth, and merged into the mainline Linux kernel in 2007. Afterwards this is called cgroups version 1.^[9]

Development and maintenance of cgroups was then taken over by Tejun Heo. Tejun Heo redesigned and rewrote cgroups. This rewrite is now called version 2, the documentation of cgroup-v2 first appeared in Linux kernel 4.5 released on 14 March 2016.^[7]

Unlike v1, cgroup v2 has only a single process hierarchy and discriminates between processes, not threads.

Features

One of the design goals of cgroups is to provide a unified interface to many different use cases, from controlling single processes (by using nice, for example) to full operating system-level virtualization (as provided by OpenVZ, Linux-VServer or LXC, for example). Cgroups provides:

Resource limiting

groups can be set to not exceed a configured memory limit, which also includes the file system cache,^[10][11] I/O bandwidth limit,^[12] CPU quota limit,^[13] CPU set limit,^[14] or maximum open files.^[15]

Prioritization

some groups may get a larger share of CPU utilization^[16] or disk I/O throughput^[17]

Accounting

measures a group's resource usage, which may be used, for example, for billing purposes^[18]

Control

freezing groups of processes, their checkpointing and restarting^[18]

Шаблон:AnchorUse

Файл:Linux kernel and daemons with exclusive access.svg

A control group (abbreviated as cgroup) is a collection of processes that are bound by the same criteria and associated with a set of parameters or limits. These groups can be hierarchical, meaning that each group inherits limits from its parent group. The kernel provides access to multiple controllers (also called subsystems) through the cgroup interface;^[3] for example, the "memory" controller limits memory use, "cpuacct" accounts CPU usage, etc.

Control groups can be used in multiple ways:

• By accessing the cgroup virtual file system manually.
• By creating and managing groups on the fly using tools like cgcreate, cgexec, and cgclassify (from libcgroup).
• Through the "rules engine daemon" that can automatically move processes of certain users, groups, or commands to cgroups as specified in its configuration.
• Indirectly through other software that uses cgroups, such as Docker, Firejail, LXC,^[19] libvirt, systemd, Open Grid Scheduler/Grid Engine,^[20] and Google's developmentally defunct lmctfy.

The Linux kernel documentation contains some technical details of the setup and use of control groups version 1^[21] and version 2.^[22] systemd-cgtop^[23] command can be used to show top control groups by their resource usage.

Redesign

Redesign of cgroups started in 2013,^[24] with additional changes brought by versions 3.15 and 3.16 of the Linux kernel.^[25][26][27]

Шаблон:AnchorNamespace isolation

Шаблон:Main While not technically part of the cgroups work, a related feature of the Linux kernel is namespace isolation, where groups of processes are separated such that they cannot "see" resources in other groups. For example, a PID namespace provides a separate enumeration of process identifiers within each namespace. Also available are mount, user, UTS, network and SysV IPC namespaces.

• The PID namespace provides isolation for the allocation of process identifiers (PIDs), lists of processes and their details. While the new namespace is isolated from other siblings, processes in its "parent" namespace still see all processes in child namespaces—albeit with different PID numbers.^[28]
• Network namespace isolates the network interface controllers (physical or virtual), iptables firewall rules, routing tables etc. Network namespaces can be connected with each other using the "veth" virtual Ethernet device.^[29]
• "UTS" namespace allows changing the hostname.
• Mount namespace allows creating a different file system layout, or making certain mount points read-only.^[30]
• IPC namespace isolates the System V inter-process communication between namespaces.
• User namespace isolates the user IDs between namespaces.^[31]
• Cgroup namespace^[32]

Namespaces are created with the "unshare" command or syscall, or as "new" flags in a "clone" syscall.^[33]

The "ns" subsystem was added early in cgroups development to integrate namespaces and control groups. If the "ns" cgroup was mounted, each namespace would also create a new group in the cgroup hierarchy. This was an experiment that was later judged to be a poor fit for the cgroups API, and removed from the kernel.

Linux namespaces were inspired by the more general namespace functionality used heavily throughout Plan 9 from Bell Labs.^[34]

Unified hierarchy

Kernfs was introduced into the Linux kernel with version 3.14 in March 2014, the main author being Tejun Heo.^[35] One of the main motivators for a separate kernfs is the cgroups file system. Kernfs is basically created by splitting off some of the sysfs logic into an independent entity, thus easing for other kernel subsystems the implementation of their own virtual file system with handling for device connect and disconnect, dynamic creation and removal, and other attributes. Redesign continued into version 3.15 of the Linux kernel.^[36]

Шаблон:AnchorKernel memory control groups (kmemcg)

Kernel memory control groups (kmemcg) were merged into version 3.8 (Шаблон:Release date and age) of the Linux kernel mainline.^[37][38][39] The kmemcg controller can limit the amount of memory that the kernel can utilize to manage its own internal processes.

cgroup awareness of OOM killer

Linux Kernel 4.19 (October 2018) introduced cgroup awareness of OOM killer implementation which adds an ability to kill a cgroup as a single unit and so guarantee the integrity of the workload.^[40]

Шаблон:AnchorAdoption

Various projects use cgroups as their basis, including CoreOS, Docker (in 2013), Hadoop, Jelastic, Kubernetes,^[41] lmctfy (Let Me Contain That For You), LXC (LinuX Containers), systemd, Mesos and Mesosphere,^[41] and HTCondor. Major Linux distributions also adopted it such as Red Hat Enterprise Linux (RHEL) 6.0 in November 2010, three years before adoption by the mainline Linux kernel.^[42]

On 29 October 2019, the Fedora Project modified Fedora 31 to use CgroupsV2 by default^[43]

See also

Шаблон:Portal

• Operating system–level virtualization implementations
• Process group
• Tc (Linux)Шаблон:Snd a traffic control utility slightly overlapping in functionality with network-oriented cgroup settings
• Job objectШаблон:Snd the equivalent Windows concept, as managed by that platform’s Object Manager

References

Шаблон:Reflist

External links

• Official Linux kernel documentation on cgroups v1 and cgroups v2
• Red Hat Resource Management Guide on cgroups
• Ubuntu manpage on cgroups
• Linux kernel Namespaces and cgroups by Rami Rosen (2013)
• Namespaces and cgroups, the basis of Linux containers (including cgroups v2), slides of a talk by Rami Rosen, Netdev 1.1, Seville, Spain, 2016
• Understanding the new control groups API, LWN.net, by Rami Rosen, March 2016
• Large-scale cluster management at Google with Borg, April 2015, by Abhishek Verma, Luis Pedrosa, Madhukar Korupolu, David Oppenheimer, Eric Tune and John Wilkes
• Job Objects, similar feature on Windows

Шаблон:Virtualization software Шаблон:Linux kernel

Партнерские ресурсы
Криптовалюты	Обмен криптовалют - www.bestchange.ru Криптовалютная биржа CoinEx Криптовалютная биржа Binance HIVE OS - операционная система для майнинга e4pool - Мультивалютный пул для майнинга.
Магазины	AliExpress — глобальная виртуальная (в Интернете) торговая площадка, предоставляющая возможность покупать товары производителей из КНР; computeruniverse.net - Интернет-магазин компьютеров(Промо код 5 Евро на первую покупку:FWWC3ZKQ);
Хостинг	DigitalOcean - американский провайдер облачных инфраструктур, с главным офисом в Нью-Йорке и с центрами обработки данных по всему миру;
Разное	Викиум - Онлайн-тренажер для мозга Like Центр - Центр поддержки и развития предпринимательства. Gamersbay - лучший магазин по бустингу для World of Warcraft. Ноотропы OmniMind N°1 - Усиливает мозговую активность. Повышает мотивацию. Улучшает память. Санкт-Петербургская школа телевидения - это федеральная сеть образовательных центров, которая имеет филиалы в 37 городах России. Lingualeo.com — интерактивный онлайн-сервис для изучения и практики английского языка в увлекательной игровой форме. Junyschool (Джунискул) – международная школа программирования и дизайна для детей и подростков от 5 до 17 лет, где ученики осваивают компьютерную грамотность, развивают алгоритмическое и креативное мышление, изучают основы программирования и компьютерной графики, создают собственные проекты: игры, сайты, программы, приложения, анимации, 3D-модели, монтируют видео. Умназия - Интерактивные онлайн-курсы и тренажеры для развития мышления детей 6-13 лет SkillBox - это один из лидеров российского рынка онлайн-образования. Среди партнеров Skillbox ведущий разработчик сервисного дизайна AIC, медиа-компания Yoola, первое и самое крупное русскоязычное аналитическое агентство Tagline, онлайн-школа дизайна и иллюстрации Bang! Bang! Education, оператор PR-рынка PACO, студия рисования Draw&Go, агентство performance-маркетинга Ingate, scrum-студия Sibirix, имидж-лаборатория Персона. «Нетология» — это университет по подготовке и дополнительному обучению специалистов в области интернет-маркетинга, управления проектами и продуктами, дизайна, Data Science и разработки. В рамках Нетологии студенты получают ценные теоретические знания от лучших экспертов Рунета, выполняют практические задания на отработку полученных навыков, общаются с экспертами и единомышленниками. Познакомиться со всеми продуктами подробнее можно на сайте https://netology.ru, линейка курсов и профессий постоянно обновляется. StudyBay Brazil – это онлайн биржа для португалоговорящих студентов и авторов! Студент получает уникальную работу любого уровня сложности и больше свободного времени, в то время как у автора появляется дополнительный заработок и бесценный опыт. Автор24 — самая большая в России площадка по написанию учебных работ: контрольные и курсовые работы, дипломы, рефераты, решение задач, отчеты по практике, а так же любой другой вид работы. Сервис сотрудничает с более 70 000 авторов. Более 1 000 000 работ уже выполнено. StudyBay – это онлайн биржа для англоязычных студентов и авторов! Студент получает уникальную работу любого уровня сложности и больше свободного времени, в то время как у автора появляется дополнительный заработок и бесценный опыт.