What are control groups in RHEL or CentOS 7 and how to view different cgroups ?

I. Introduction to C Groups

Control Groups or CGroups were introduced in the Linux kernel by Google starting from 2006 onwards.
Control group as its name implies can set a group of resources’ limit which is assigned to a process or service.

It limits the maximum server usage a process can take and help the server to provide optimal performance when any of the service misbehaves and consumes more memory/CPU usage.

Systemd organizes these processes by assigning them inside various control groups. For example, all the processes started by Crond Scheduler will be in the same control group, and it also includes its CGI scripts.

CGroups stands for Control Groups. All the resources used by a process has its own CGroup sub-system defined which is also known as resource controller.

Let us look at the available resource controllers.

II. Resource Controllers or CGroup Sub-Systems

1. blkio: Limit Block Input Output from Block devices. (refer BlockIOWeight).
2. cpu: Limits CPU scheduler(or share) assigned to a CGroup task. (refer cpuacct controller & CPUShares).
3. cpuacct: CPU Accounting i.e. responsible for generating reports on CPU resources used by various tasks in a CGroup.
Mounted alongwith cpu controller on the same mount point (refer CPUShares).
4. cpuset: Sets individual CPU cores (on a multi-core system) and memory to different tasks in various CGroups.
5. devices: Manage access to devices by different tasks in a CGroup(either allows or denies the access).
6. freezer: Freeze or Unfreeze tasks in a CGroup(i.e. suspends or resumes).
7. memory: Limits the memory use by different tasks in a CGroup.
Also generates automatic reports based on memory usage by resources of the tasks (refer MemoryLimit).
8. net_cls: Network class identifier is assigned to network packets which allows Linux traffic controller (i.e. tc command) to identify packets originating from a particular Control Group.
9. perf_event: perf events helps us to capture and monitor CGroups with perf tool.
10.hugetlb: Huge/Large Page Support allows a CGroup to use large size virtual memory pages.
This parameter helps us to enforce resource limits on these pages.

III. Working with CGroups.

1. View Control Group Contents Recursively

bash-4.2# systemd-cgls 
├─1 /usr/lib/systemd/systemd --switched-root --system --deserialize 22
│ └─machine-qemu\x2d1\x2dr288\x2distrs\x2dimaging.rtl.ngelinux.com.scope
│   └─11591 /usr/libexec/qemu-kvm -name r288-istrs-imaging.rtl.ngelinux.com -S -machine pc-i440fx-rhel7.0.0,accel=kvm,usb=off,dump-guest-core=off -m 8192 -realtime
  │ └─19443 /usr/sbin/rsyslogd -n
  │ └─17390 /sbin/rpcbind -w
  │ ├─ 7977 /usr/sbin/httpd -DFOREGROUND
  │ ├─ 7978 /usr/sbin/httpd -DFOREGROUND
  │ ├─ 7979 /usr/sbin/httpd -DFOREGROUND
  │ ├─ 7982 /usr/sbin/httpd -DFOREGROUND
  │ ├─ 7983 /usr/sbin/httpd -DFOREGROUND
  │ ├─ 7985 /usr/sbin/httpd -DFOREGROUND
  │ ├─ 7986 /usr/sbin/httpd -DFOREGROUND
  │ ├─ 7987 /usr/sbin/httpd -DFOREGROUND
  │ └─32251 /usr/sbin/httpd -DFOREGROUND
  │ └─11378 /usr/sbin/virtlogd
  │ └─9874 /usr/sbin/crond -n
  │ ├─ 9628 /usr/sbin/libvirtd
  │ ├─11163 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/pxe.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper
  │ └─11164 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/pxe.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper
  │ ├─ 2743 sshd: c5014038 [priv
[Output Truncated]


The Systemd unit tree is made up of several parts:
a. Topmost: Root slice called -.slice,
b. Below Levels: system.slice (default place for all system services),
user.slice (default place for all user sessions) and,
machine.slice (default place for all virtual machines and Linux containers),
c. Below levels we have scopes i.e. group of generated processes started via fork from the root process and services.
These processes are created through a unit file.

2. Viewing current session Cgroup Tree.

bash-4.2# systemd-cgls | grep -iB 5 bash
  │ ├─ 8983 /usr/sbin/sshd -D
  │ ├─20430 sshd: c5014038 [priv]
  │ ├─20440 sshd: c5014038@pts/1
  │ ├─20442 -bash
  │ ├─26792 sudo bash
  │ ├─26798 bash
  │ ├─28569 systemd-cgls
  │ └─28570 grep -iB 5 bash

bash-4.2# echo $$


3. Get the topmost Cgroups consuming high memory and CPU.

# systemd-cgtop
Path                                                                                                                     Tasks   %CPU   Memory  Input/s Output/s

/                                                                                                                          317    4.3    41.1G        -        -
/machine.slice                                                                                                               -    1.6    25.4G        -        -
/machine.slice/machine-qemu\x2d1\x2dr288\x2distrs\x2dimaging.rtl.ngelinux.com.scope                                             4    1.6    25.4G        -        -
/system.slice                                                                                                               82    1.3   298.1M        -        -
/machine.slice/machine-qemu\x2d1\x2dr288\x2distrs\x2dimaging.rtl.ngelinux.com.scope/vcpu3                                       1    0.6        -        -        -
/machine.slice/machine-qemu\x2d1\x2dr288\x2distrs\x2dimaging.rtl.ngelinux.com.scope/emulator                                    4    0.5        -        -        -
/machine.slice/machine-qemu\x2d1\x2dr288\x2distrs\x2dimaging.rtl.ngelinux.com.scope/vcpu2                                       1    0.3        -        -        -
/machine.slice/machine-qemu\x2d1\x2dr288\x2distrs\x2dimaging.rtl.ngelinux.com.scope/vcpu1                                       1    0.1        -        -        -
/machine.slice/machine-qemu\x2d1\x2dr288\x2distrs\x2dimaging.rtl.ngelinux.com.scope/vcpu0                                       1    0.1        -        -        -
/system.slice/NetworkManager.service                                                                                         1      -        -        -        -
/system.slice/crond.service                                                                                                  1      -        -        -        -
/system.slice/dbus.service                                                                                                   1      -        -        -        -


4. Kill a service including all its associated services as seen in cgroup.

# systemctl kill crond


5. Get/Set CPU Shares assigned to a service

### Get default CPUShares assigned
### Showing the random number
bash-4.2# systemctl show -p CPUShares crond.service

### Set new value of CPUShares
# systemctl set-property crond.service CPUShares=5000

### View the change
bash-4.2# systemctl show -p CPUShares crond.service


Similar to above property, we can change any CGroup resource limit to suit our needs.

Hence we can say RHEL 7 or CentOS 7 by default implements the execellent feature of cgroups and helps us to allocate the resources based on our requirements.

0 0 votes
Article Rating
Notify of

1 Comment
Oldest Most Voted
Inline Feedbacks
View all comments
4 years ago

Informative content