Control groups (cgroups) provide a mechanism to put Linux processes (tasks) into groups, ensuring that critical workloads get the system resources (CPU, memory, and I/O) that they need. You can allocate system resources, track usage, and impose limits on the cgroups.
Cgroups provide fine-grained control of CPU, I/O, and memory resources. You can associate a set of CPU cores and memory nodes with a group of processes that make up an application or a group of applications. This enables the subsetting of larger systems; more fine-grained control over memory, CPUs and devices; and the isolation of applications.
Cgroups give you a great deal of control over how to set up a system, which memory to give, and which CPUs to give to an individual task. You can pin processes to the same NUMA (Non-uniform memory access) node and use NUMA-local memory. Cgroups facilitate database consolidation on large NUMA servers, I/O throttling support, and device whitelisting. Cgroups work inside virtual guests as well.
A cgroup subsystem is a kernel resource controller that applies limits or acts on a group of Linux processes. A subsystem represents a single kernel resource, such as memory or CPU cores. A cgroup associates a group of processes or tasks with a set of parameters for one or more subsystems. Processes assigned to each cgroup are subject to the subsystem parameters.
A subsystem is a kernel resource controller that applies limits or acts on a group of processes.
Following are brief descriptions of the cgroup subsystems:
- blkio – Sets limits on I/O bandwidth for block devices
- cpu – Schedules CPU access to cgroup tasks. It is mounted together with the cpuacct controller on the same mount.
- cpuacct – Reports CPU resources used by tasks in cgroup tasks
- cpuset – Assigns individual CPUs and memory nodes (for systems with NUMA architectures) to cgroup tasks
- devices – Grants or denies cgroup tasks access to devices
- freezer – Suspends or resumes cgroup tasks
- memory – Sets limits on memory use of cgroup tasks and reports on memory resources
- net_cls – Tags outgoing network packets with an identifier. You can configure the Linux traffic controller (tc) to assign different priorities to packets from different cgroups. It is mounted together with the net_prio controller on the same mount.
- net_prio – Allows priorities to be specified for each network interface for cgroups. It is mounted together with the net_cls controller on the same mount.
- perf_event – Enables monitoring of cgroups by using the perf tool
- hugetbl – Allows large page sizes of virtual memory and enforces resource limits on these pages
- pids – Sets limits on number of processes that can be created in cgroups
- rdma – Sets limits on use of RDMA/IB-specific resource in cgroups. RDMA stands for remote direct memory access. IB stands for InfiniBand.